What is the best way to encrypt a seed?


I've been struggling with a simple problem for hours now. I am working on a desktop application (a wallet) which needs a seed phrase to operate.
Naturally, the seed needs to be encrypted with a password and stored into a config file. I've found Jasypt, which enables me to encrypt a String easily, but apparently Jasypt's PBEStringencryptor is supposed to be unsafe/deprecated. Since there's only one password, salting it wouldn't make any sense (would it?).
I've found many other methods on Stack Overflow but I keep seeing experts showing up and claiming how insecure method x is.

To sum up my question: since I am only dealing with a single seed phrase, would using Jasypt's Stringencryptor be sufficient or should I use a different method?










      java security encryption






      asked Mar 23 at 2:44









      M. Malkon

          3 Answers
I'm not a Java developer, but as described, what I would do in your case is to use asymmetric encryption of your seed with the desired password before storing it into a config file.

You could use Rivest Shamir Adleman (RSA) or Elliptic Curve Cryptography (ECC), to name a few algorithms.

Cheers






The reason you are struggling to find a secure solution is probably that there is no secure solution that works in general.

Let me restate the problem that I think you are trying to solve:

1. Your application needs a "secret" to operate.
2. You cannot trust the user. (If you could, then you could in theory get the user to supply the secret each time they use the system.)
3. You cannot rely on operating system access control to keep the "secret" safe, because of one or more of the following:
   • the operating system is inadequate or buggy
   • you don't trust the operators / administrators
   • you can't be sure that the system hasn't been hacked, or
   • the system is not physically secured. (If someone can get undetected physical access to the hardware for long enough, they can circumvent OS security.)

Given the above assumptions, there is no secure solution. No matter what your application code does, it is possible for someone with sufficient OS-level privilege (assigned properly, or acquired nefariously) to watch what your code is doing and intercept the secret.

So what is the solution?

• If you can assume that the platform is secure and the operators are trusted, there are technical ways to keep the secret secure ... from a non-privileged user.
• There are mitigations for some kinds of security attacks. For example, you could use a Hardware Security Module to hold the secret so that it doesn't need to be stored in the file system.
• Otherwise ... run the software on your (secure) infrastructure rather than the user's PC or your customer's servers.







            answered Mar 23 at 3:40









            Stephen C

• Am I correct to assume that in my case, there would be no upside in salting the phrase? The seed phrase is unique anyway and I could just as well encrypt it with AES only. – M. Malkon, Mar 23 at 3:53

• The security issues are at a much deeper level than that. (And ... no ... it makes no real difference if you salt the seed phrase.) You need to step back and understand the big picture. Work out what (and who) you are trying to protect against. Only think about mechanisms when you understand the context ... – Stephen C, Mar 23 at 4:02


















> seed needs to be encrypted with a password and stored into a config file..

Seems you are correct, the most reasonable way to encrypt the seed would be using some sort of password-based encryption (PBE..).

> Since there's only one password, salting it wouldn't make any sense (would it?).

You are storing the encrypted seed value itself, so in this case you may be OK with some application-wide static salt.

> PBEStringencryptor is supposed to be unsafe/deprecated.
> would using Jasypt's Stringencryptor be sufficient

I am not aware of Jasypt being insecure; it depends more on the parameters used (any reference?). I usually use pure Java with standard PBKDF2 (a few examples). However, Jasypt gets encryption done properly without deeper knowledge. The problem with cryptography is that it's easy to completely break security just by using the wrong set of parameters or using it the wrong way. If you are just starting, using PBEStringencryptor may be the safer option.

Someone mentioned using a hardware module (e.g. smartcard, TPM, ...), which could be safer, but less portable.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Mar 23 at 8:02
            gusto2












            • I took a look at Jasypt's StrongTextEncryptor and the algorithm it uses is "PBEWithMD5AndTripleDES". From what I've gathered, TripleDES should not be used anymore.

              – M. Malkon
              Mar 23 at 12:15

            • @m-malkon Concerning the primitives: 3DES is considered obsolete, yet not broken. MD5 is seriously broken today. However, the purpose of the PBE key generator is to create a high-entropy key by mixing salt and password. I've read a post from someone more reputable than me that PBEWithMD5AndTripleDES will still serve the purpose securely (I am unable to find the reference now). However, you are not forced to use Jasypt; you may simply use anything current (pbkdf2, argon2, pbeaes/sha256). It is more important that you use a PBE key generator with an appropriate key length.

              – gusto2
              Mar 25 at 7:39
































            I'm not a Java developer, but as described, what I would do in your case is to use asymmetric encryption of your seed with the desired password before storing it into a config file.

            You could use Rivest Shamir Adleman (RSA) or Elliptic Curve Cryptography (ECC), to name a few algorithms.

            Cheers






            answered Mar 23 at 2:53
            Stoyan Bukovich


























