Password encryption & storage strategy

Rogerio Meneguelli Gatto (gatto@widesoft.com.br)
Wed, 3 Feb 1999 19:43:08 -0200

From: Rogerio Meneguelli Gatto <gatto@widesoft.com.br>
To: <java-security@java.sun.com>
Subject: Password encryption & storage strategy
Date: Wed, 3 Feb 1999 19:43:08 -0200

Hi folks,

We need to store/compare encrypted passwords in a Servlet/JDBC =
environment, and we thought about using a Unix crypt() java =
implementation for encryption, but I read that it's not very secure, and =
not advisable anymore.

What would you suggest? Saving a MD5 (or other) hash? Can you point a =
Begginer's Security tutorial (on the Net).

TIA,
Rog=E9rio Gatto