Does my DBA know what they are doing?

I am new to all of this encryption, hashing, etc. I got an email from my DBA telling me to read the admin username and password from a .properties file, which looks something like this:

ldap.provider.admin.password=fc34f78f665b60c5b99bad0ee1b228269e10e9cdd81c1a


Then in his letter he states:

ldap.provider.admin.password is the actual password encrypted with "SHA256".


He is telling me that in my Java program I will have to decrypt this password to be able to use it.

Is it me, or is he confused about the cryptographic hash algorithm? Can I decrypt it?

+3




1 answer


"Encrypted" is a misleading term because it implies the value can be decrypted. Anything transformed with the "SHA256" algorithm is actually cryptographically hashed. There is no "decryption" functionality for a cryptographic hash algorithm.

But you can still use it. When the user submits a password, run "SHA256" over the password the user submitted and compare the result with the stored hashed password. By the looks of the line above, you may need to convert the hash output to a hex string in order to compare it.

Also, you first need to figure out whether a salt is applied to the hash (extra content added for each user to improve security). If so, you will need to salt the password submitted by the user before hashing it.

+8


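The check the answer describes, written out as an added example (this is editor-supplied code, not code from the question, the answer, or any LDAP library): hash the submitted password with SHA-256, hex-encode the digest, and compare it with the stored hex string using a constant-time comparison. The salt handling assumes the simplest layout, salt bytes prepended to the password bytes, with an empty salt when none is used; the real salt, if any, has to come from whoever produced the stored value. One check worth doing first: a SHA-256 digest is 32 bytes, which is 64 hex characters, while the value quoted in the question is 46 characters, so either it was truncated when pasted or it is not a raw SHA-256 hex digest. The demo password "hunter2" and the pepper string are constructed values. Note also that this verifies a password someone types in; it does not recover the admin password, so it cannot be used to bind to LDAP as that admin.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;   // Java 17+; on older JDKs replace with a small hex loop

public final class Sha256PasswordCheck {

    private static final int SHA256_HEX_LEN = 64;   // 32-byte digest, two hex digits per byte

    /** Lower-case hex SHA-256 of salt || password; pass "" as salt when none is used (assumed layout). */
    static String sha256Hex(String salt, String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(salt.getBytes(StandardCharsets.UTF_8));
            byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
            return HexFormat.of().formatHex(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("every JRE is required to provide SHA-256", e);
        }
    }

    /** True when the submitted password hashes to the stored hex digest. */
    static boolean matches(String storedHex, String salt, String submitted) {
        String normalized = storedHex.trim().toLowerCase();
        if (normalized.length() != SHA256_HEX_LEN) {
            return false;   // not a full SHA-256 digest: truncated, or some other scheme entirely
        }
        byte[] stored;
        try {
            stored = HexFormat.of().parseHex(normalized);
        } catch (IllegalArgumentException e) {
            return false;   // not hex at all
        }
        byte[] computed = HexFormat.of().parseHex(sha256Hex(salt, submitted));
        // MessageDigest.isEqual rejects differing lengths, then compares in constant time,
        // so an attacker cannot learn the stored digest byte by byte from timing.
        return MessageDigest.isEqual(stored, computed);
    }

    public static void main(String[] args) {
        // Constructed demo values; in the real program the stored digest (and salt, if any)
        // are read from the .properties file.
        String salt = "";                               // unsalted, as the email seems to imply
        String stored = sha256Hex(salt, "hunter2");     // what the DBA would have written to the file

        System.out.println("correct password:  " + matches(stored, salt, "hunter2"));
        System.out.println("wrong password:    " + matches(stored, salt, "hunter3"));
        System.out.println("wrong salt:        " + matches(stored, "pepper", "hunter2"));

        // The value quoted in the question is 46 hex characters, not the 64 a SHA-256 digest needs.
        String fromQuestion = "fc34f78f665b60c5b99bad0ee1b228269e10e9cdd81c1a";
        System.out.println(fromQuestion.length() + " hex chars in the quoted value, "
                + SHA256_HEX_LEN + " expected");
        System.out.println("quoted value:      " + matches(fromQuestion, salt, "hunter2"));
    }
}
```

If the stored value really is a salted hash, the salt and its position (prefix, suffix, or a separate field) must be agreed with whoever generated it; hashing `salt + password` when the file was built from `password + salt` will never match, which is why the example keeps the salt in its own parameter rather than hard-coding a layout. Upper-case digests are accepted by lower-casing before parsing.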






