cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
// Encode bytes as UTF8; strToBeEncrypted contains the
// input string that is to be encrypted
byte[] encoded = strToBeEncrypted.getBytes("UTF8");
// Perform encryption
byte[] encrypted = cipher.doFinal(encoded);
Applicability
Use of mathematically and computationally insecure cryptographic algorithms can result
in the disclosure of sensitive information.
Weak cryptographic algorithms can be disabled in Java SE 7; see the Java PKI Programmer's Guide, Appendix D, “Disabling Cryptographic Algorithms” [Oracle 2011a].
Weak cryptographic algorithms may be used in scenarios that specifically call for a breakable cipher. For example, the ROT13 cipher is commonly used on bulletin boards and websites when the purpose of encryption is to protect people from information, rather than to protect information from people.
Bibliography
[Oracle 2011a] Appendix D, “Disabling Cryptographic Algorithms”
[Oracle 2013b] Java Cryptography Architecture (JCA) Reference Guide
13. Store passwords using a hash function
Programs that store passwords as cleartext (unencrypted text data) risk exposure of those
passwords in a variety of ways. Although programs generally receive passwords from
users as cleartext, they should ensure that the passwords are not stored as cleartext.
An acceptable technique for limiting the exposure of passwords is the use of hash functions, which allow programs to indirectly compare an input password to the original password string without storing a cleartext or decryptable version of the password. This approach minimizes the exposure of the password without presenting any practical disadvantages.