Hi,
I noticed in the source code that when the BlowFish class is created, a password is passed into the constructor and is then hashed with SHA1. Does this mean that the passwordkey property is hashed before it is used as a key in blowfish encryption. Its all getting confusing.
/**
0030: * Creates a new Blowfish object using the specified key (oversized
0031: * password will be cut).
0032: *
0033: * **@param** password the password (treated as a real unicode array)
0034: */
0035: **public** Blowfish(**String** password) {
0036: // hash down the password to a 160bit key
0037: **MessageDigest** digest = null;
0038: **try** {
0039: digest = MessageDigest.getInstance("SHA1");
0040: digest.update(password.getBytes());
0041: } **catch** (**Exception** e) {
0042: Log.error(e);
0043: }
0044:
0045: // setup the encryptor (use a dummy IV)
0046: m_bfish = **new** BlowfishCBC(digest.digest(), **0**);
0047: digest.reset();
0048: }
Im desperate to add an account to the db with an encrypted password. Im doing this in C# using the bouncycastle blowfish encyption package. Has anyone out there had any experience in generating the password from there own system.
Mike