Java JSP simple password encryption and decryption

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/20832008/

Time: 2020-08-13 04:39:26  Source: igfitidea

JSP simple password encryption decryption

java jsp encryption

Asked by mekafe

I need to encrypt a password to insert in a database. Also, when I need that password, I need to decrypt this value. What is the simple way to do this?

Note: This operation does not have to be very safe.

Accepted answer by Elliott Frisch

Please don't implement your current plans; instead, you should use a MessageDigest to accomplish this. Apply a one-way cryptographic hash function to the user's password (e.g. one of SHA-256, SHA-384, and SHA-512 [and there are others]) and a SALT to prevent rainbow table based attacks. Finally, for password resets, just replace the current password hash.

As an example,

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Wrapper class (name chosen here) so the snippet compiles as a single file.
public class PasswordHash {
  // We need a bytesToHex method first. So, from -
  // http://stackoverflow.com/a/9855338/2970947
  final protected static char[] hexArray = "0123456789ABCDEF"
      .toCharArray();

  public static String bytesToHex(byte[] bytes) {
    char[] hexChars = new char[bytes.length * 2];
    int v;
    for (int j = 0; j < bytes.length; j++) {
      v = bytes[j] & 0xFF;                      // treat the byte as unsigned
      hexChars[j * 2] = hexArray[v >>> 4];      // high nibble
      hexChars[j * 2 + 1] = hexArray[v & 0x0F]; // low nibble
    }
    return new String(hexChars);
  }

  // Change this to something else.
  private static String SALT = "123456";

  // A password hashing method.
  public static String hashPassword(String in) {
    try {
      MessageDigest md = MessageDigest
          .getInstance("SHA-256");
      // Explicit UTF-8 so the hash does not depend on the platform charset.
      md.update(SALT.getBytes(StandardCharsets.UTF_8));    // <-- Prepend SALT.
      md.update(in.getBytes(StandardCharsets.UTF_8));
      // md.update(SALT.getBytes(StandardCharsets.UTF_8)); // <-- Or, append SALT.

      byte[] out = md.digest();
      return bytesToHex(out);            // <-- Return the Hex Hash.
    } catch (NoSuchAlgorithmException e) {
      // Fail loudly instead of returning "" as every password's hash.
      throw new IllegalStateException("SHA-256 not available", e);
    }
  }

  public static void main(String[] args) {
    System.out.println(hashPassword("Hello"));
    System.out.println(hashPassword("Hello"));
    System.out.println(hashPassword("Hello1"));
    System.out.println(hashPassword("Hello2"));
  }
}

Which should output

60C1E22D18D022F01EEF0CAF999E52FD44C0C8EFD2161E9F4D24120AB0AFC84D
60C1E22D18D022F01EEF0CAF999E52FD44C0C8EFD2161E9F4D24120AB0AFC84D
CAAC2288692DD57BADFAE0225A42E59E1979E0116D009EEF01912E8C75529515
E0A3963BFAF209A17422918CB1FC950A62858993CA9A7BA6F760B8D4688306FD

Demonstrating how tremendously different one character makes the resulting hash.

Answer by Vinoth Krishnan

One more way is to use an Encrypt class to encrypt your password with a randomly generated keyvalue. But you need to store the keyvalue in your DB for the encrypted password. Like this,

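// Encrypt is the answerer's own helper class; its source is not shown on this page.
// 'random' was not declared in the original snippet; a SecureRandom is assumed here.
SecureRandom random = new SecureRandom();
Integer randVal = random.nextInt();
Encrypt encrypt = new Encrypt();
// convert password to encrypted password
String encyppassword = encrypt.encryptText(
    Integer.toString(randVal),
    your_password);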

While decrypting, you need to use the keyvalue and the encrypted password. Like this,

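// Decrypt is the counterpart helper class, also not shown on this page.
Decrypt decrypt = new Decrypt();
Integer randVal = keyvalue_from_db;  // the key stored alongside the encrypted password
String decryptedPassword = decrypt.decryptText(
    randVal.toString(),
    encrypted_password);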

Hope this helps.
