Possible Duplicate:
What function to use to hash passwords in MySQL?
Secure password storaging

I wish to be aware of best mechanism employed for storing passwords into database after file encryption from the password and please suggest the technique of file encryption and implementation in Java if at all possible.

Never store encoded passwords. Store a safe and secure one-way hash rather, something similar to SHA-1 (has some minor security issues), or among the more recent, safer variants.

Doing this is really against several regulating needs that you simply might be susceptible to, like the PCI DSS for those who have any participation with charge cards (doing any e-commerce?).

Something similar to http://www.mindrot.org/projects/jBCrypt/ could also prove helpful.

+1 for Borealid's comment - despite hashing, the hashing must be done correctly, and should include "salt" (additional random data to avoid a subset of attacks). jBCrypt is going to do this for you personally (as will other similar libraries).

A typical method to store passwords would be to hash them utilizing a message digest formula. I'd recommend SHA1, or if you want more bytes (-> less collision possible), SHA256 or 512. Here's an SHA1 implementation in Java:


It is also advised that you employ a salt to make gessing password hashes even harder. Explanation: