How to Use a Salted MD5 Hash for Securing Login Passwords

MD5 (Message-Digest algorithm 5) is one of the most popular cryptographic hash functions; it produces a 128-bit hash value. It is a one-way transformation. However, crackers may use techniques such as brute force (the easiest to implement, but with a low success rate: a brute-force attack simply tries all possible combinations until it finds the correct one) and collision checking (harder to implement: an attempt to find two different inputs to the MD5 algorithm that produce the same hash). The following tutorial explains how to use a salted MD5 hash for securing login passwords.

As MD5 generates the same hash value for the same password every time, it is better to send the salted MD5 hash value of the password. That means instead of sending the MD5 hash of the password, send MD5_Hash(MD5_Hash(user password) + salt). Because the salt is added to the MD5 hash of the password before the second MD5 hash is generated, a new value is sent every time. So it is hard to crack, or takes more time to crack.
Now let us see how to use a salted MD5 hash in your application, especially for the login screen. The following steps and code will guide you.

Workflow

I) In the Login Page JSP:

     1) Calculate the MD5 hash of the user input password --> A

     2) Add random values (salt) to A --> B

     3) Again calculate the MD5 hash of B --> C

Now C is sent to the server.

Note: the salt is generated by the server-side script in the JSP and stored in the session. The code is as follows:

 <%
 // Characters allowed for the salt string
 String SALTCHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
 StringBuilder salt = new StringBuilder();
 // SecureRandom, so that the salt cannot be predicted from earlier values
 java.security.SecureRandom rnd = new java.security.SecureRandom();
 // build a random 9 chars salt
 while (salt.length() < 9)
 {
   int index = rnd.nextInt(SALTCHARS.length());
   salt.append(SALTCHARS.charAt(index));
 }
 String saltStr = salt.toString();
 // Salt string is stored in the session so that the server side can retrieve it and add it to the encrypted (MD5) password retrieved from the database
 session.setAttribute("ran", saltStr);
 %>
 <html:hidden property="ran" value="<%=saltStr%>"/> <%-- the salt string is stored in the hidden field ran --%>

JavaScript code:

   var password=document.loginForm.password1.value;
   var ran=document.loginForm.ran.value;
   var hash=hex_md5(password);   // MD5 hash of user input password
   var saltedhash=hex_md5(hash+ran);  // Added with salt and then MD5 hashed again
   document.loginForm.password.value=saltedhash;  // sent to the server

ran is a hidden field in the JSP which contains the salt value.

II) On the server side:

Retrieve the actual password from the server database by using the login id. (The server database will have the MD5 hash value of the original password as the encrypted password.)

Now find MD5 hash (database encrypted password + salt) --> D. Now compare C with D. If both are equal, the user is authenticated.

Sample Code for the above steps.

Server Side Code (Partly):

// Requires: import java.sql.*; import javax.servlet.http.HttpSession;
String userid = loginForm.getLogin().trim();
String passwd = loginForm.getPassword().trim();  // Encrypted password from the user (MD5 hash of MD5 hash password + salt)
HttpSession session1 = request.getSession(false);
String ran = (String) session1.getAttribute("ran");  // salt stored when the login page was rendered
boolean success = false;
// conn: an open java.sql.Connection to the database, obtained by the application
String strQuery = "select password from user_login where UNAME=?"; // query for getting the encrypted password from the table user_login
PreparedStatement prestmt = conn.prepareStatement(strQuery);
prestmt.setString(1, userid);
ResultSet r_set = prestmt.executeQuery();
if (r_set.next()) {
    String pwd = r_set.getString("password");  // MD5 hash value of the actual password
    pwd = pwd.trim();
    String DBPassword = getHash(pwd + ran);  // value D

    if (DBPassword.equals(passwd)) { success = true; }
}
=========================================================================

// Function for getting MD5 hash value.
// Requires: import java.security.MessageDigest; import java.nio.charset.StandardCharsets;
public static String getHash(String pass) {
    byte[] buf = pass.getBytes(StandardCharsets.UTF_8);
    StringBuilder hexStr = new StringBuilder();
    try {
        MessageDigest algorithm = MessageDigest.getInstance("MD5");
        algorithm.reset();
        algorithm.update(buf);
        byte[] digest = algorithm.digest();
        // get the hex string
        for (int i = 0; i < digest.length; i++) {
            hexStr.append(Integer.toString((digest[i] & 0xff) + 0x100, 16).substring(1));
        }
    } catch (Exception ex) {
        ex.printStackTrace();
        return "";
    }
    return hexStr.toString();
}

Note: Please download md5.js and include it in the login page JSP. You can also use sha1.js (Secure Hash Algorithm); the function name will be hex_sha1. The above sample code is based on the Struts framework.
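
The complete exchange from the workflow above, with both sides in one runnable Node.js file, as an added example that is not part of the original tutorial. It uses Node's crypto module in place of md5.js and the JSP session; the user record, the function names and the salt length are constructed for illustration, and the single-use salt and constant-time comparison go beyond the tutorial's code.

```javascript
const crypto = require("crypto");

// MD5 hex digest, the same output format as hex_md5() from md5.js.
const md5Hex = (s) => crypto.createHash("md5").update(s, "utf8").digest("hex");

// Constructed sample record: the database stores MD5(password), as in the tutorial.
const userLogin = new Map([["alice", md5Hex("correct horse")]]);

// Server: issue a fresh salt when the login page is rendered and keep it in the session.
function renderLoginPage(session) {
  session.ran = crypto.randomBytes(9).toString("hex"); // CSPRNG, not a general-purpose PRNG
  return session.ran; // value placed in the hidden field "ran"
}

// Browser: C = MD5(MD5(password) + salt)
function clientResponse(password, ran) {
  return md5Hex(md5Hex(password) + ran);
}

// Server: D = MD5(stored hash + salt); compare C with D.
function verifyLogin(session, uname, c) {
  const ran = session.ran;
  delete session.ran; // single use: a salt is never accepted for a second attempt
  const stored = userLogin.get(uname);
  if (!ran || !stored || typeof c !== "string") return false;
  const d = Buffer.from(md5Hex(stored + ran), "utf8");
  const got = Buffer.from(c, "utf8");
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return got.length === d.length && crypto.timingSafeEqual(got, d);
}

// One full exchange, then the same value C presented again.
function demo() {
  const s1 = {};
  const c1 = clientResponse("correct horse", renderLoginPage(s1));
  const first = verifyLogin(s1, "alice", c1);
  const reuse = verifyLogin(s1, "alice", c1); // same session, salt already consumed
  const s2 = {};
  renderLoginPage(s2);
  const replay = verifyLogin(s2, "alice", c1); // new session, different salt
  const s3 = {};
  const wrong = verifyLogin(s3, "alice", clientResponse("guess", renderLoginPage(s3)));
  return { first, reuse, replay, wrong };
}

console.log(demo());
```

Because the server verifies C against the stored MD5(password), that stored value is all a client needs to compute a valid C, so the user_login table has to be protected like the passwords themselves and the login page served over TLS.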
