0

What is the best way to keep/validate user Login credentials in a web application using MySQL as database and JSP/Servlet as front end.

I have gone through couple of blogs and it says it is not good practice to encrypt MD5 and store user password it might have collision attack. How we can implement a robust and secure login for end use.

Krishnakant
  • 1,453
  • 3
  • 18
  • 30
  • 1
    A collision [doesn't seem to be very likely](http://stackoverflow.com/questions/201705/how-many-random-elements-before-md5-produces-collisions). Just generate a salt for each user, hash the password, and write the salted hash to the database. – Tim Biegeleisen Nov 08 '16 at 10:54

1 Answers1

1

It is subjective discussion and answere depends upon you existing system :

Best Option is to HASHING .

Store Password in hashed format(Use any latest Hashing mechanism , JAVA 8 also has encluded one ) and store it in DB.

Hash The incoming password and mached with hashed one stored in DB .

Pratik Prakash
  • 100
  • 1
  • 7
  • Open to dictionary attacks and lookup tables. A reasonable-length random salt should also be generated for each user. – Michael Nov 08 '16 at 11:26