Password Encryption

[kyleb13]

The purpose is to NOT send/receive the actual password over the wire, but rather the hashed string.

• [x] Will this be ok to run on mobile phones?
• [x] Hash the password, then store the hash in the database.
• [x] Hash the password, then compare with the hash string from the database.
• [x] Post Execute: set the old string to null so the memory space has nothing pointing to it any more.

Information:

• https://www.baeldung.com/sha-256-hashing-java
• https://www.baeldung.com/jasypt

[sam2b]

It turns out we are already using an API to do this automatically. I verified the hash is truly being stored in the database.

[sam2b]

This function is already part of the java script back end. (salted hash)