tags:

views:

117

answers:

5
+4  Q: 

Equivalent of PHP's crypt function in Java

I am migrating my PHP code to Google App Engine - Java.
So I need an equivalent of PHP's crypt function in Java,
since I have stored all the passwords of registered users
using crypt in my DB.

Edit 1: Here is my php code for encrypting passwords :

$password = "test123";
$pwd = crypt($password,$password);
echo $pwd;

Output is (On Windows as well as a linux based server on HostMonser):
temjCCsjBECmU

Can someone give me equivalted java code?
I have tried various permutations & combinations with
MessageDigest class, but can't get it right..

Edit 2:
Here is sample code which I thought would work but did not: 

try {
                {
                    String password = "test123";
                    MessageDigest digest = MessageDigest.getInstance( "MD5" ); 
                    byte[] passwordBytes = password.getBytes( ); 

                    digest.reset( );
                    digest.update( passwordBytes );
                    digest.update( passwordBytes );
                    byte[] message = digest.digest( );

                    StringBuffer hexString = new StringBuffer();
                    for ( int i=0; i < message.length; i++) 
                    {
                        hexString.append( Integer.toHexString(
                            0xFF & message[ i ] ) );
                    }
                    String encrypted = hexString.toString();
                    System.out.println(encrypted);
                  } } catch (NoSuchAlgorithmException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }
A: 

Well, PHP's crypt isn't actually encryption as far as I know. It's just a wrapper around some one-way hashing functions I believe, so if your current PHP site's using crypt's MD5 or SHA256 or whatever, I'd expect that you could find those equivalent hashing classes/functions in Java.

theraccoonbear  2010-07-20 16:31:34
+4  A: 

You have to know what implementation of PHP crypt has been used (MD5? SHA256? SHA512?) because there are several, depending on your OS : http://php.net/manual/fr/function.crypt.php

The Java equivalent class is MessageDigest. When you create an instance of this class, you provide the hash algorithm, for example :

MessageDigest md = MessageDigest.getInstance("MD5");
MessageDigest md2 = MessageDigest.getInstance("SHA-256");
MessageDigest md3 = MessageDigest.getInstance("SHA-512");
// etc.
byte[] encryptedPassword = md.digest("yourPassword".getBytes());
Benoit Courtine  2010-07-20 16:34:23
That PHP manual page is in French, English version here: http://php.net/manual/en/function.crypt.php
R. Bemrose  2010-07-20 17:34:28
I'm sorry. Thanks for the correction. Since I am french, I did not notice when I posted the response.
Benoit Courtine  2010-07-20 18:10:40
+1  A: 

You need to take a look at the java.security classes (what used to tbe the JCE):

In there you'll find everything you need to do what you want (depending on which algorithm you need).

http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/security/package-summary.html

e.g. MessageDigest for MD5/SHA etc:

http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/security/MessageDigest.html

Check these against the Google App Engine whitelist here, I'm not sure what's supported and what isn't.

http://code.google.com/appengine/docs/java/jrewhitelist.html

The java.security stuff can be a bit of a pain to work with sometimes, you may alternatively want to use Jasypt - which is a more simplified API that works with any JCE:

http://www.jasypt.org/

Jon  2010-07-20 16:35:02
+1  A: 

It seems you have to work with a legacy database already populated with passwords you cannot discard, so you can't just switch to a salted MessageDigest, preferably using SHA-1. And your problem gets more complicated, since PHP's crypt is a wrapper that might use one of several algorithms. But let's assume your PHP uses the original DES-based UNIX crypt, then all you need is an implementation of that in Java. As far as i know, there is no implementation of UNIX's crypt in the standard Java installation, but you might want to look here for a list of options.

wallenborn  2010-07-20 16:41:50
A: 

PHP's crypt supports multiple hash functions. If you use the MD5 version (hash starts with $1$), you can find a Java implementation here,

http://www.java2s.com/Open-Source/Java-Document/Groupware/LibreSource/md5/MD5Crypt.java.htm

Please notice that they use their own MD5 class. I am not sure if it's the same as standard MD5.

I am sure you can find Java implementation for other hash algorithms too.

ZZ Coder  2010-07-20 17:15:12

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases