I have a Java desktop program in which I want to store credentials for login in the most secure way possible. I thought about using a database, but I have a bad feeling about it, I would just rather store it locally on the users end, but I also need it to be very secure. The software basically revolves about being secure.
So I thought about using several rounds of very strong encryption, if that is possible. Then I need to find how to securely store those credentials.
How would you proceed? What do you recommend?
Most preferred way to do is hashing the password if you want to store it in a database. This is used by most of the webapps such as WordPress.
You can encrypt and decrypt a password with an algorithm but you cannot 'unhash' a password.
How do you authorize?
Let's say your password is "12345" and you store it inside your database as "$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/" in a hashed form.
So whenever a user enters his password, you hash that password again and compare both hashed passwords. You don't/can't 'decrypt' from database and compare them. There is no way to see a clear text of user's password when hashed.
Check this link to learn about hashing in java: How can I hash a password in Java?