The PBEService (Password Based Encryption Service) supports encryption and decryption of resources using JCA (Java Crypto Architecture) providing

  • method to create more or less secure passwords
  • creation of cipher streams for transparent encryption/decryption
  • generic encryption/decryption methods

The implementation uses PBEWithMD5AndDES and was inspired by Pankaj Kumar and his excellent book J2EE Security.

What is Password Based Encryption

Encryption is most of the time only as good as the password being used. And the password can be guessed using a dictionary attack. PBE tries to avoid the problem by mangling the user-provided password through various rounds of SHA-1 invocation and only this mangled result is used for encryption/decryption.

So the simple password "mysecret" would be mangled to "62cc-bf14-1814-672da" which is much harder to guess therefore avoiding a simple dictionary attack. Using this approach makes storing passwords in configuration files slightly more secure.