I am already using X for encrypting passwords. Why would I want to use jasypt instead?
Well, first of all, if you are simply using a MessageDigest.digest() or a DigestUtils.md5() call to encrypt your passwords and store them in a database, you should know that your password system is much weaker than you think, and that gaining access to your application could be easy for an attacker. It becomes even worse as the number of users in your application increases. If you want to learn why this happens and how you could try to avoid it, have a look at the article “How to encrypt user passwords”.
And if you are not using such calls but some other APIs or techniques, consider reading it anyway to find out whether jasypt can help you do things better.
If you are using Spring Security (formerly Acegi Security) for encrypting passwords in your application, check the corresponding question in this FAQ (below) to see what jasypt can do for you.
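The weakness described above, shown as an added example (not code from the jasypt project or the referenced article): a bare MD5 digest stores the same value for every user who picks the same password, while jasypt's `StrongPasswordEncryptor` salts each digest randomly. It assumes the jasypt jar is on the classpath; the class name `PasswordStorageDemo`, the user names and the sample password are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import org.jasypt.util.password.StrongPasswordEncryptor;

public class PasswordStorageDemo {

    // The "before": a bare, unsalted digest as described in the answer above.
    static String plainMd5(String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: two users who happen to pick the same password.
        String alicePassword = "correct horse";
        String bobPassword = "correct horse";

        // Unsalted digest: equal passwords give equal stored values, so a single
        // precomputed guess matches every user who chose that password.
        String aliceMd5 = plainMd5(alicePassword);
        String bobMd5 = plainMd5(bobPassword);
        System.out.println("MD5 rows identical:    " + aliceMd5.equals(bobMd5));

        // jasypt digester: random salt per call plus many hash iterations.
        StrongPasswordEncryptor encryptor = new StrongPasswordEncryptor();
        String aliceStored = encryptor.encryptPassword(alicePassword);
        String bobStored = encryptor.encryptPassword(bobPassword);
        System.out.println("jasypt rows identical: " + aliceStored.equals(bobStored));

        // Verification re-derives the digest using the salt kept in the stored value.
        System.out.println("correct password ok:   "
                + encryptor.checkPassword("correct horse", aliceStored));
        System.out.println("wrong password ok:     "
                + encryptor.checkPassword("correct hors3", aliceStored));
    }
}
```

Because every stored value carries its own salt, a guess has to be recomputed per user instead of being matched against the whole table at once, which is why the unsalted scheme degrades as the user count grows.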
Related Questions
- I am already using Spring Security / Acegi for encrypting passwords. Why would I want to add jasypt to my security infrastructure?