0

I know how to save a password in a database using one-way hash algorithms. But in my case, I need the password in plain text to log into the service (Dropbox API).

So if I want to create an application which always uses the same username/password to log into Dropbox (e.g. for a client), how would I save the user's password in my Java code, so it cannot easily be read using a hex viewer?

It should be something that encrypts and decrypts the String, but it can't be bound to one single machine.

4
  • You can't encrypt it - where would you store this encryption key? Your only option is to hash it if Dropbox supports passing the hash directly (instead of the plaintext password). Commented May 16, 2011 at 17:37
  • 1
    @Vladislav If Dropbox supports passing the hash directly, can't the user use the hash the same way as the password? Commented May 16, 2011 at 17:45
  • Hmmmm... I'm not thinking straight here, sorry about that. If you don't ask the user anything, it can't be secure. You can store passwords in a keychain, but you have to ask for a password for the keychain. I guess you can store it in some Windows store, but the user still needs to log in (which provides the key). Commented May 16, 2011 at 17:53
  • Actually, if Dropbox supported that, it would destroy the whole concept of hashes, that is: when someone steals the password hash database from Dropbox, they still cannot log into your account. Commented Aug 19, 2014 at 8:57

2 Answers

4

Well, encrypt the password with DES or AES, keep the key in the jar and decrypt only when you need to. But if someone needs to, he will easily reverse this and extract your login and password.

3 Comments

Okay, and if I wanted to do a machine-bound encryption? Does Java offer some standard classes to do such stuff?
@Lukas, well in this case use MAC address of PC or HDD or motherboard serial number. download.oracle.com/javase/6/docs/api/java/net/… rgagnon.com/javadetails/java-0580.html
THX, I'll definitely have a look at this.
1

As long as you need it in clear text in your program, it can not be sure. Whatever you do, your program may be analyzed, decompiled, run in a "compromised" VM, whatever.
