Password encryption

[agentry5]

User Story: I am already using the Resolute app, but I am concerned about sharing my personal information with the app. Is my information safe from hackers? I'm worried my password and email will be taken and my other personal accounts will be compromised.

• Persona: Norman, an existing user of Resolute. An early adopter of the app.
• Feature: Encrypt entered passwords on both login and register screens, and store only encrypted passwords in the database, in a collection not associated with the matching user's information.
• Business Value: Data security of users' personal information, providing peace of mind for consumers and protection from a dangerous breach in private data.

Tasks:

• [x] Frontend function in MainActivity.java that encrypts/hashes entered passwords.
• [ ] Rearrange Firestore Database so that passwords are not directly associated with their appropriate user.
  • This can be done by creating a collection of encrypted usernames, and only store passwords under the appropriately encrypted username.
• [x] Overwrite existing passwords in Firestore database with encrypted equivalents.

Acceptance Criteria:

1. All login and registration acceptance criteria apply, even after encryption is implemented. (See #10 and #22)
2. Passwords on Firestore database cannot be associated with their appropriate user by human influence. In other words, if somebody has access to the database they cannot just read encrypted passwords, or know immediately who they belong to.

[agentry5]

Please note that, after speaking with Professor Jiang, task 2 in this issue, as well as a portion of acceptance criteria 2, was deemed unnecessary. Storing hashed passwords separately from other user information is unnecessary since hashes are irreversible. The only way to know a user's password during a data breach is to brute force SHA-512 hashing Strings.