使用 Java 中的 PBKDF2 进行密码验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2375541/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Password Verification with PBKDF2 in Java
提问by PinkyNoBrain
I'm doing password based file encryption in Java; I'm using AES as the underlying encryption algorithm and PBKDF2WithHmacSHA1to derive a key from a salt and password combination using the following code (which I got from another generous poster on this site).
我正在用 Java 进行基于密码的文件加密;我使用 AES 作为底层加密算法,PBKDF2WithHmacSHA1并使用以下代码(我从本网站上的另一张慷慨的海报中获得)从盐和密码组合中派生出一个密钥。
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec ks = new PBEKeySpec(password,salt,1024,128);
SecretKey s = f.generateSecret(ks);
Key k = new SecretKeySpec(s.getEncoded(),"AES");
I share the salt, the user enters their password at each end and encryption and decryption work fine :-) My problem is that i would like to be able to verify that the password the user enters is correct before embarking on the (potentially long) decryption process. I know the PBKD spec includes an optional 2 byte verification value but I'm not sure how to generate this value using the above approach. Does Java provide support for this or if not what would be a secure alternative?
我共享盐,用户在每一端输入他们的密码,加密和解密工作正常:-) 我的问题是我希望能够在开始之前验证用户输入的密码是否正确(可能很长)解密过程。我知道 PBKD 规范包含一个可选的 2 字节验证值,但我不确定如何使用上述方法生成此值。Java 是否为此提供支持,或者如果没有,什么是安全的替代方案?
Thanks for your time.
谢谢你的时间。
采纳答案by PinkyNoBrain
Hey, thanks to crazy scot and Chris for there help. After doing some digging i decided to use the methods described on Dr Gladmans file encryption pagefor doing both password verification and message authentication. I believe this method, based on the PBKDF2 and a MAC, makes deriving the verfication value for m the password sufficiently expensive as to make it secure. Thanks again, and i hope this solution aids others.
嘿,感谢疯狂的斯科特和克里斯的帮助。在做了一些挖掘之后,我决定使用Dr Gladmans 文件加密页面上描述的方法来进行密码验证和消息身份验证。我相信这种基于 PBKDF2 和 MAC 的方法使得导出密码的验证值足够昂贵以确保其安全。再次感谢,我希望这个解决方案可以帮助其他人。
回答by Chris Jester-Young
There is no "quick check" mechanism that is secure, by definition. The whole point of using PBKDF2 or related techniques is to make password checking slow, to foil password cracking programs. If you added a quick check system, password crackers would be able to guess passwords in bulk very quickly.
根据定义,没有安全的“快速检查”机制。使用 PBKDF2 或相关技术的全部目的是使密码检查变慢,以挫败密码破解程序。如果您添加了快速检查系统,密码破解者将能够非常快速地批量猜测密码。
回答by crazyscot
Compute some sort of password verification tag and store that alongside the encrypted file data so that you can check it first. This might be something like the PBMAC of a fixed (short) string. Of course, this needs to be a non-reversible function so a cracker could not determine the password, and not be too quick to compute so as to confound the brute force attack.
计算某种密码验证标签并将其与加密文件数据一起存储,以便您可以先检查它。这可能类似于固定(短)字符串的 PBMAC。当然,这需要是一个不可逆函数,这样破解者就无法确定密码,也不能太快计算,以免混淆暴力破解。
Have you considered whether (and how) you will detect if the whole file has been decrypted correctly? You should probably look into some combination of PBES2 and PBMAC rather than using AES directly.
您是否考虑过是否(以及如何)检测整个文件是否已正确解密?您可能应该研究 PBES2 和 PBMAC 的某种组合,而不是直接使用 AES。
