Does the passwordkey get SHA1 hashed before it is used in Blowfish Password Encryption? HELP!

Hi,

I noticed in the source code that when the BlowFish class is created, a password is passed into the constructor and is then hashed with SHA1. Does this mean that the passwordkey property is hashed before it is used as a key in Blowfish encryption? It's all getting confusing.

```java
/**
 * Creates a new Blowfish object using the specified key (oversized
 * password will be cut).
 *
 * @param password the password (treated as a real unicode array)
 */
public Blowfish(String password) {
    // hash down the password to a 160bit key
    MessageDigest digest = null;
    try {
        digest = MessageDigest.getInstance("SHA1");
        digest.update(password.getBytes());
    } catch (Exception e) {
        Log.error(e);
    }

    // setup the encryptor (use a dummy IV)
    m_bfish = new BlowfishCBC(digest.digest(), 0);
    digest.reset();
}
```

I'm desperate to add an account to the db with an encrypted password. I'm doing this in C# using the Bouncy Castle Blowfish encryption package. Has anyone out there had any experience in generating the password from their own system?

Mike
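
Added example, not part of the original post or the project's source: the constructor quoted above hashes `password.getBytes()` with SHA-1 and passes the 20-byte digest to `BlowfishCBC`, so a port in another language has to hash exactly the same bytes to arrive at the same key. The class `BlowfishKeyDerivation`, its helper methods and the sample passwords are constructed for illustration.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;

public class BlowfishKeyDerivation {

    // Same derivation as the quoted constructor, with the charset made
    // explicit instead of relying on the no-argument password.getBytes().
    static byte[] deriveKey(String password, Charset charset) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA-1");
        return digest.digest(password.getBytes(charset)); // 20 bytes = 160 bits
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values, not real keys.
        String[] samples = { "example-passwordKey", "p\u00e4sswordKey" };

        Map<String, Charset> charsets = new LinkedHashMap<>();
        charsets.put("JVM default (used by getBytes())", Charset.defaultCharset());
        charsets.put("UTF-8", StandardCharsets.UTF_8);
        charsets.put("ISO-8859-1", StandardCharsets.ISO_8859_1);
        charsets.put("UTF-16LE (C# Encoding.Unicode)", StandardCharsets.UTF_16LE);

        for (String password : samples) {
            System.out.println("password: " + password);
            for (Map.Entry<String, Charset> e : charsets.entrySet()) {
                byte[] key = deriveKey(password, e.getValue());
                System.out.printf("  %-34s %d-byte key %s%n", e.getKey(), key.length, hex(key));
            }
        }
    }
}
```

On a JVM whose default charset is ASCII-compatible, the first three rows match for the ASCII-only sample and only the UTF-16LE row differs; for the sample containing a non-ASCII character the UTF-8 and ISO-8859-1 keys diverge as well.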