Secure-Password-Manager

Application Security Through Hashing Technologies Developed with Java

Introduction

This secure password manager application, developed in Java, enables safe storage, modification, and removal of user credentials. The system employs hash maps to manage data securely and integrates authentication mechanisms to restrict access to authorised users only. By pairing unique keys with corresponding values, hash maps enable efficient credential retrieval while enhancing protection against unauthorised access.

Key features include a secure login system and encryption mechanisms that safeguard passwords. The application demonstrates practical knowledge of hashing algorithms, conditional logic for access control, and use of BigInteger for cryptographic operations.

Requirements

The goal was to build a Java-based secure application to manage usernames and passwords, encrypted using SHA-256. Only a master user can add, edit, or remove stored credentials. Developed as part of a group project, this system ensures stored data remains protected in the event of a breach. The encrypted data is stored in external files under master user control.

Design Considerations and Block Diagram

The application flow begins with the master user logging in with a predefined username and password. Once authenticated, the user may add, modify, or delete entries. Passwords and master credentials are hashed and stored in separate files.

Development Methodology

The system follows a menu-driven design for clarity and ease of use. Simplicity was prioritised to ensure accessibility for users with varying technical backgrounds. Development was conducted in IntelliJ IDEA.

Functionality

This program utilises a hash map to manage the master user's credentials, storing them in the add user ID hash map. This hash map pairs usernames with passwords for easy retrieval. The main method presents a menu-based interface, offering options for adding, updating, or deleting user entries.

• Master User Authentication: The first method verifies the master user's credentials, allowing access to the main menu upon correct input. Incorrect entries result in program termination.

• Main Menu: Displays available options for managing user entries.

• Add User ID: Allows storing user entries in the add user ID hash map.

• Delete User ID: Removes user entries if they exist in the hash map.

• Update User Password: Enables changing passwords for existing users.

• Modify Master Password: Allows changing the master password.

• Official Master Access: Validates access to perform operations based on selected options.

• Hashing: Utilises the SHA-256 algorithm to securely hash passwords before storing them in the hash map. Encrypted passwords are then written to files for storage.

The process involves looping through the add user ID hash map to encrypt and store passwords. Exception handling ensures program continuity, even in case of errors during encryption or file writing. The same process applies to encrypting the master password, with separate file and hash map names for distinction.

Security Features

I implemented SHA-256 to encrypt the passwords for the master user and students. SHA-256 is efficient enough to uniquely hash encrypted data and safely secure it such as account-specific end-user passwords and usernames. With no known security weaknesses, it ensures high-level data protection, making it the preferred choice for cryptography.

Usability Demo

Application.usability.demo.video.3.mp4

Concluding Reflections

Java was selected for its balance of readability, reliability, and built-in security features. This project underscored the importance of secure coding practices at both the application and network layers. Implementing cryptographic standards like SHA-256 reflects a strong foundation in secure software development and application-layer security.

References

• TablePlus. (28/08/2018). CLI vs GUI - Which one is better?. Available: https://tableplus.com/blog/2018/08/cli-vs-gui-which-one-is-better.html. Last accessed 16/12/2021.
• Indumathi S.. (March 20, 2020). 5+ Tips to Secure Your Java Code from Attackers. Available: https://www.secpod.com/blog/secure-your-java-code-2/. Last accessed 16/12/2021.
• Mike Dane. ( 22 Oct 2017). Java - Programming Language | Tutorial. Available: https://www.youtube.com/playlist?list=PLLAZ4kZ9dFpPpdR_9IQBUDLjYalvdrGGb. Last accessed 16/12/2021.
• Tutorials Point (India) Ltd.. (16 Dec 2019). Java Essential Training. Available: https://www.youtube.com/playlist?list=PLWPirh4EWFpFfTUVBl5KbeXly1sHKSc-Z. Last accessed 16/12/2021.
• Baeldung. (March 5, 2021). SHA-256 and SHA3-256 Hashing in Java. Available: https://www.baeldung.com/sha-256-hashing-java. Last accessed 16/12/2021.
• Gartner. (26 May 2021). Critical Capabilities for Application Security Testing. Available: https://www.gartner.com/en/documents/4001984/critical-capabilities-for-application-security-testing. Last accessed 16/12/2021.
• Stackify. (SEPTEMBER 14, 2015). What is APM? Overview, Common Terms, and 10 Critical APM Features. Available: https://stackify.com/what-is-apm/. Last accessed 16/12/2021.
• MicroFocus. What is Application Security?. Available: https://www.microfocus.com/en-us/what-is/application-security. Last accessed 16/12/2021.
• vmware. What is application security?. Available: https://www.vmware.com/topics/glossary/content/application-security.html. Last accessed 16/12/2021.
• Mansi Sheth. (April 18, 2017). Encryption and Decryption in Java Cryptography. Available: https://www.veracode.com/blog/research/encryption-and-decryption-java-cryptography. Last accessed 16/12/2021.
• Anton Lawrence. (March 24, 2020). Best Practices for Java Security. Available: https://bitbucket.org/blog/best-practices-for-java-security. Last accessed 16/12/2021.
• Diego Pacheco. (Jul 25, 2020). Hashing in Java. Available: https://diego-pacheco.medium.com/hashing-in-java-834feb0e0500. Last accessed 16/12/2021.
• https://javatutorialhq.com/java/util/hashmap-class/put-method-example/
• https://stackoverflow.com/questions/5531455/how-to-hash-some-string-with-sha-256-in-java