A basic password encryption service built on the strong, JDK-provided PBKDF2 classes.
The flow goes something like this:
- When adding a new user, call generateSalt(), then getEncryptedPassword(),
and store both the encrypted password and the salt.
Do not store the clear-text password. Don't worry about keeping the salt
in a separate table or location from the encrypted password;
as discussed above, the salt is non-secret.
- When authenticating a user, retrieve the previously encrypted password and
salt from the database, then send those and the clear-text password they entered
to authenticate(). If it returns true, authentication succeeded.
- When a user changes their password, it's safe to reuse their old salt; you can
just call getEncryptedPassword() with the old salt.
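The three-step flow above, as an added example that is not the project's own code: it assumes the JDK's `PBKDF2WithHmacSHA256` via `SecretKeyFactory`, a 16-byte salt, a 256-bit derived key and 600,000 iterations (all assumed parameters, since the page fixes none), and compares the stored and recomputed values in constant time.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordService {
    // Assumed parameters (not given on the page); tune iterations to your hardware.
    private static final String ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final int SALT_BYTES = 16;
    private static final int KEY_BITS = 256;
    private static final int ITERATIONS = 600_000;

    // Step 1: a fresh random salt per user, drawn from a CSPRNG. The salt is
    // non-secret and is stored next to the derived password value.
    public static byte[] generateSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Step 2: derive the value to store from the clear-text password and salt.
    // PBKDF2 is one-way, so this value cannot be turned back into the password.
    public static byte[] getEncryptedPassword(char[] password, byte[] salt)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance(ALGORITHM);
            return factory.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    // Step 3: recompute from the entered password and the stored salt, then
    // compare in constant time so timing does not leak how many bytes matched.
    public static boolean authenticate(char[] attempt, byte[] stored, byte[] salt)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] candidate = getEncryptedPassword(attempt, salt);
        return MessageDigest.isEqual(candidate, stored);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = generateSalt();
        byte[] stored = getEncryptedPassword("correct horse".toCharArray(), salt);
        // Persist both values (Base64 here) with the user record; never the clear text.
        System.out.println("salt=" + Base64.getEncoder().encodeToString(salt));
        System.out.println("stored=" + Base64.getEncoder().encodeToString(stored));
        System.out.println(authenticate("correct horse".toCharArray(), stored, salt));
        System.out.println(authenticate("wrong".toCharArray(), stored, salt));
    }
}
```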