So I’m relatively new to programming and I decided to create a very basic password management tool using Java and Postgres. So far I’ve created most of the back-end and I’m thinking of using SHA-256 to authenticate the master password for the user (if the hashes do not match, the program quits), but I’m stuck not knowing where exactly to ‘store’ the master password hash or a default password hash.
I want to create the master password in such a way that it’s initialized with a default value the first time the program is run, and the user can change it if he/she wants.
I scoured the internet to find Keystore implementations and some other techniques, but I still do not have a clear understanding… Please help.
Answer
You can use Postgres shaXXX() functions: https://www.postgresql.org/docs/11/functions-binarystring.html
So a password can be converted by postgres:
SELECT sha512('MyPassword');  -- single quotes: in Postgres, double quotes name a column, not a string
Instead of inserting the password you’ll insert sha512(password)
and also verify it’s the same password by comparing it with the sha(userInsertedPassword) of the password the user passed in. If the hashes are equal, the password is correct.
If you use a Java web framework, I’d advise having a read about authentication in the docs of the framework – there might be more solid frameworks that will do the job and help you not open any security loopholes! The given answer is very simplistic.
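The following is an added example that is not part of the question or the answer above. It shows the answer’s SHA-512 scheme as concrete Postgres statements, together with the “seed a default on first run, let the user change it later” flow the question asks for, and beside it the variant a practitioner would actually want: pgcrypto’s crypt() with bcrypt, which adds a random salt and a tunable work factor so that an attacker who copies the table cannot test candidate passwords at raw SHA-512 speed. It assumes PostgreSQL 11 or later (for sha512()) and the pgcrypto contrib extension (for crypt() and gen_salt()); the table and column names are invented for illustration, and 'changeme' / 'new-master-pw' are constructed sample values.

```sql
-- Added example, not code from the question or the answer.
-- Assumes PostgreSQL 11+ (sha512()) and the pgcrypto extension (crypt(), gen_salt()).
-- The table and column names are invented for illustration.

CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Single-row table for the master password hash. The CHECK constraint makes
-- id = 1 the only legal row, so there can never be two master passwords.
CREATE TABLE IF NOT EXISTS master_password (
    id         integer     PRIMARY KEY CHECK (id = 1),
    hash       text        NOT NULL,
    updated_at timestamptz NOT NULL DEFAULT now()
);

-- ===== Variant A: the answer's scheme, unsalted SHA-512 ======================
-- convert_to() encodes the text as bytea without interpreting backslash
-- escapes (a text::bytea cast would). encode(..., 'hex') stores the digest
-- as a hex string so the column type is the same for both variants.

-- First run: seed the default password, but only if no row exists yet, so a
-- password the user has already changed is never overwritten.
INSERT INTO master_password (id, hash)
VALUES (1, encode(sha512(convert_to('changeme', 'UTF8')), 'hex'))
ON CONFLICT (id) DO NOTHING;

-- Login: re-hash what the user typed and compare with the stored hash.
-- Returns true exactly when they match; the client quits on false.
SELECT hash = encode(sha512(convert_to('changeme', 'UTF8')), 'hex') AS ok
FROM master_password
WHERE id = 1;

-- ===== Variant B: pgcrypto crypt() with bcrypt and a random salt ===========
-- gen_salt('bf', 12) creates a fresh salt with cost factor 12. Salt and cost
-- are embedded in the stored string, so verification needs nothing else.
-- (Pick one variant for a real table; both are shown on the same table only
-- for brevity. Storing a fast unsalted hash next to a bcrypt hash would let an
-- attacker simply crack the weaker one.)
INSERT INTO master_password (id, hash)
VALUES (1, crypt('changeme', gen_salt('bf', 12)))
ON CONFLICT (id) DO NOTHING;

-- Login: crypt() re-hashes the typed password with the salt taken from the
-- stored string, so equality means the password is correct.
SELECT hash = crypt('changeme', hash) AS ok
FROM master_password
WHERE id = 1;

-- Changing the master password: run only after a successful login check.
UPDATE master_password
SET hash       = crypt('new-master-pw', gen_salt('bf', 12)),
    updated_at = now()
WHERE id = 1;
```

Two points a practitioner should keep in mind with either variant. First, hashing on the server means the plaintext password crosses the database connection and is visible to anything that logs statement text, so connect over TLS and, from Java, pass the typed password as a bound parameter of a PreparedStatement rather than concatenating it into the SQL string. Second, the bcrypt variant is the one to keep: an unsalted SHA-512 of a human-chosen password can be tested against wordlists at billions of guesses per second, which is exactly why the answer calls its own suggestion simplistic.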