I have a requirement to create an AES-based encrypted password. I'm using Spring Security 3.0.5's PasswordEncoder.encodePassword method and passing in AES, but I'm unsure if that's the proper technique...

passwordEncoder.encodePassword("xyz", "AES")

1 Answer

It's a very strange requirement. The usual password storage strategy is to store their hashes. It prevents a malicious person from obtaining the passwords if he manages to get access to your database. Spring Security's built-in password encoders implement this approach.

The idea of using symmetric encryption to store passwords in the database appears to be less secure, since you need to store the secret key somewhere in your application, and it's likely that if a malicious person gets access to your database, he can also get access to your secret key, so that he can decrypt your passwords.

However, if you really need to follow that approach, you can implement your own PasswordEncoder that gets a secret key and uses AES encryption, based on some tutorial on using AES in Java.
