Password Encryption in Play

Studio-Scala4 Comments on Password Encryption in Play1 min read
Table of contents
Reading Time: < 1 minute

Today,in this blog I would like to tell you about Password encryption in Play.
As you know that saving password in its plain form can lead to future problems, so its better to use an encryption technique before saving them to your database.I will be using ‘SHA-256’ encyption in the code given below.
In your project inside the util package, create a scala object named: “EncyptionUtility”. Delete the content and add the following code:

After adding this code, you just have to add the path name wherever you are using password.

4 thoughts on “Password Encryption in Play1 min read

  1. This is terrible, dangerous advice!! Please do not store passwords encrypted using SHA-1! That kind of advice is worse than useless since it creates a false sense of security. Passwords should always be salted and they should be hashed using a secure algorithm specifically designed for password storage, like PBKDF2, scrypt, or bcrypt.

    See the following Gist for an example of correct Scala password hashing:

    https://gist.github.com/agemooij/9622302

    The above code is based on a Java version described here:

    https://crackstation.net/hashing-security.htm#javasourcecode

    I would strongly urge you to update your post!

    Regards,
    Age Mooij

  2. Hi Age,

    Thanks for your suggestion.After going through the Gist and researching, I realized I shouldn’t be using SHA-1 anymore. I have made the required changes and will be using SHA-256 technique now.

    Regards,
    Harshita Rachora

    1. Did you read the article I linked to? Normal hash functions should never be used for hashing passwords. SHA-256 is not the correct answer. Look at the code I linked to see how to use PBKDF2.

      Even more importantly: you should never ever store password hashes without salting them. Otherwise the same password will always end up with the same hash and dictionary attacks will decimate your password database in hours.

      Password storage is serious business and you should know what you are doing. SHA-1 vs SHA-256 is completely besides the point.

      Please educate yourself on how to do this properly or you might end up being the one responsible for one of those famous password database hacks. The biggest one so far was the one from the Adobe website. 154M passwords using naive hashing without salts.

  3. Hello Harshita,

    nice SHA-256 encryption example for scala.

    But besides the discussion about the suitability of SHA-256 for password encryption there is a bug in your code snippet:
    Line 37
    if (hex.length == 1) hexString.append(‘0’) else hexString.append(hex)
    should be
    if (hex.length == 1) hexString.append(‘0’)
    hexString.append(hex)

    Regards
    Maurizio

Comments are closed.

Knoldus-logo-final
nashtech-logo-white

COMPANY

Sign up to our newsletter

    Certificates

    IOSTQB Platinum Partner-white
    cmmi5-white
    ISO 27001-white
    ISO 27002-white
    ISO 9001-white

    Partners

    knoldus-lightbend-white.png
    knoldus-databricks-white-.png
    knoldus-confluent-white.png
    knoldus-docker-white.png
    knoldus-hashiCorp-white.png
    knoldus-ibm-white.png
    knoldus-daml-white.png
    knoldus-datastax-white.png
    knoldus-kmine-white.png
    knoldus-rust-foundation-white.png
    knoldus-scala-white-1.png
    knoldus-snowflake-white-1.png
    umbraco 1
    aws-partner-logo 1
    Microsoft Gold Partner_white 1
    © 2023 Knoldus, Inc. All Rights Reserved.
    Part of NashTech
    Privacy Policy | Sitemap

    Discover more from Knoldus Blogs

    Subscribe now to keep reading and get access to the full archive.

    Continue reading