3

This is a two-part question:

  1. How do I hash the user password in an Android application and store the hash in the database?

  2. How do I convert the user login password and check with the already stored hash in the database?

Note: I am only interested in the code related to Android (Java). If you could explain how to do this using Android Studio, that's much better.

Improve this question
4
  • 1
    Where is the database where you want to store the password? In my experience, the checking of the password would be taking place on the server side, not on your local Android phone. Commented Jun 21, 2017 at 4:29
  • 1
    do you want to store the user password in local db or some remote server?? Commented Jun 21, 2017 at 4:31
  • the password would be stored on server side. But can you give the answer if i want to store in local db too? Commented Jun 21, 2017 at 4:34
  • I think you should be able to use the jBCrypt library to calculate password hashes, though never tried it myself. Commented Jun 21, 2017 at 7:27

1 Answer 1

Reset to default
2

You can calculate the PBKDF2 function in Android hash of a string using the linked code. If you want to store the password locally, store that hashed string in a local SQL database. If you want to convert the login password, just hash the password that the user enters, and perform a SQL query in the local database to compare that new hashed password with the one stored in the database. However, I would recommend not storing the password on your phone and using a remote database instead. Depending on the DB you use, the answer for how to store and get the data will be different. However, you can still calculate the BPKDF2 hash in the same way.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

No please don't recommend MD5 for password-hashing it is way too fast and can be brute-forced with 20 Giga MD5 per second. Recommended password-hash functions are BCrypt, SCrypt, PBKDF2 and Argon2.
Ok, I didn't know that. Thank you for the clarification! Edited answer to reflect this.
@JohnDoe I get the concept in theory, but can you provide me the code. The link that you provided, takes me to further links and doesn't actually provide any code.
For the md5 hash, check this this link (stackoverflow.com/questions/4846484/md5-hashing-in-android) out, and for the PBKDF2 encryption/decryption, check out this github link (gist.github.com/scotttam/874426)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.