From: martinY <rue...@al...> - 2011-07-04 17:10:13
|
Hello, I am using BasicTextEcnryption instead of BasicPasswordEncryption, as my program needs to be able to decrypt the password again, as I am saving it encrypted, but sending it in clear text to a third party site (there's no other way). The software is available as a jar archive for the users. I use setPassword() for salting. Apparently, anyone having the jar archive could decompile it and use the salting string to easily decrypt the encrypted passwords. Is there any way to prevent this? Using random salting strings does not seem to be possible, because how would I decrypt them after the program has been restarted, and we now want to decrypt the random-encrypted string? Thanks in advance for your answers, Martin. -- View this message in context: http://old.nabble.com/BasicTextEncryption---is-there-any-salting-safety-when-decompiling--tp31991006p31991006.html Sent from the Jasypt - Users mailing list archive at Nabble.com. |