Question

Currently we're using PBEWithMD5AndDES as a 2-way encryption algorithm for usernames, email addresses birthdates? It doesn't seem particularly performant (1 minute to read and write 30k DB rows in large batches, with 1 string encrypted string per row).

Does this seem reasonable? Or is there anything better.

Also, its not clear to me whether the default PBEWithMD5AndDES algorithm in jastypt performs multiple iterations or just one.

Was it helpful?

Solution

Encryption operations are always quite slow. Anyway, if you are using a fixed salt generator, jasypt 1.9.2 includes an optimization that saves some initialization calls and might improve your performance: http://jasypt.org/changelogs/jasypt/ChangeLog.txt

As for iterations, note that iteration in PBE encryption (two-way) is only performed in order to obtain the encryption key (it is obtained by applying a hash function on the password, which is not a byte[] encryption key but an unlimited-strength String). The amount of iterations performed on the hash function that obtains the key can be configured in most encryptor objects by means of a keyObtentionIterations property (and if not, javadoc will explain the value chosen).

Disclaimer, per stackoverflow rules: I'm jasypt's author.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top