I am currently creating application using Java, I googled password encryption with java but the results are so enormous I felt overwhelmed. How would I encrypt and decrypt a password using Java? And what is the best practice for encrypting and decrypting passwords? I am guessing MD5 is not a way to go since it is a one way hash. I am using struts2 as my framework, was wondering if they provide password encryption

Updated:

Try JBCrypt:

String password = "MyPassword123";
String hashed = BCrypt.hashpw(password, BCrypt.gensalt(12));
System.out.println(hashed);  // $2a$12$QBx3/kI1SAfwBDFOJK1xNOXK8R2yC7vt2yeIYusaqOisYbxTNFiMy

Download jBCrypt-0.3 from here, check README file for more details.

Also I don't recommend to use MD5 because, it's already broken. Instead of that you can use SHA512 it's secure hashing method, you can use MessageDigest. Below code I am using in one of my project, which works perfectly

public String encode(String password, String saltKey)
        throws NoSuchAlgorithmException, IOException {

    String encodedPassword = null;
    byte[] salt = base64ToByte(saltKey);

    MessageDigest digest = MessageDigest.getInstance("SHA-512");
    digest.reset();
    digest.update(salt);

    byte[] btPass = digest.digest(password.getBytes("UTF-8"));
    for (int i = 0; i < ITERATION_COUNT; i++) {
        digest.reset();
        btPass = digest.digest(btPass);
    }

    encodedPassword = byteToBase64(btPass);
    return encodedPassword;
}

private byte[] base64ToByte(String str) throws IOException {
    BASE64Decoder decoder = new BASE64Decoder();
    byte[] returnbyteArray = decoder.decodeBuffer(str);
    if (log.isDebugEnabled()) {
        log.debug("base64ToByte(String) - end");
    }
    return returnbyteArray;
}

well, as I know we have following some algorithm to secure password.

1. MD5 -
2. PBKDF2 -
3. SHA -
4. BCrypt and SCrypt -

among this BCrypt and SCrypt are the more secure way for password security.

There is quite nice project dedicating to solving that problem in Java. Essentially, it provides two ways of encrypting user passwords: - MD5
- SHA1

Take a look to the link: jasypt

for me i see that MD5 its the best way and you don't need to decrypt the password in case the user forgot his password you can give him a way to generate a new one and for the log in you can compare just the hash existing in the data base and the one entred by the user

Always use ONE WAY HASH ALGORITHM.

I would say GO with MD5 hashing. While storing password in DB, use MD5 hashing. So that if you have your password as pass, after hashing it will get stored as asjasdfklasdjf789asdfalsdfashdflasdf (32 character).

As you said, you want to de-crypt the password also. I would say don't do that. While checking the password against DB, what you can do is hash the password and compare that string with what you have in database.

if (DoHashMD5(myPass).equals(rs.getString(2))) {
    System.out.print("You are registered user!!!");
} else {
    System.out.print("Invalid user!!!");
}

here rs.getString(2) would be your query parameter.