Java PBEWithMD5AndDES
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1284771/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Java PBEWithMD5AndDES
提问by Hamza Yerlikaya
I am using password based encryption. My initial thought was to use AES to encrypt the file which contains passwords. Turns out password based encryption does not support AES. It uses DES. AFAIK des is not secure. Is PBEWithMD5AndDES secure enough to thrust my data or should i look for another implementation?
我正在使用基于密码的加密。我最初的想法是使用 AES 来加密包含密码的文件。原来基于密码的加密不支持 AES。它使用 DES。AFAIK des 不安全。PBEWithMD5AndDES 是否足够安全来推送我的数据,还是我应该寻找其他实现?
采纳答案by caf
It appears from your comments that what you would like to do is to encrypt a file which contains sensitive information, using a password-based encryption scheme, with a password provided by the user at decrypt-time. The sensitive information in this case also happens to be passwords, but that isn't really relevant. (You should probably update the question to make this more clear).
从您的评论看来,您想要做的是使用基于密码的加密方案加密包含敏感信息的文件,并使用用户在解密时提供的密码。这种情况下的敏感信息也恰好是密码,但这并不真正相关。(您可能应该更新问题以使其更清楚)。
You are doing the right thing, your problem is just that the SunJCE Java cryptography provider doesn't support AES for password-based encryption. You need to use an alternative provider which does: for example, you could use the Bouncy Castleprovider with the algorithm "PBEWITHSHA256AND128BITAES-CBC-BC". (Despite the whimsical name, Bouncy Castle is well-respected).
您正在做正确的事情,您的问题只是 SunJCE Java 加密提供程序不支持 AES 进行基于密码的加密。您需要使用替代的提供程序:例如,您可以使用带有 algorithm的Bouncy Castle提供程序"PBEWITHSHA256AND128BITAES-CBC-BC"。(尽管名字很古怪,但充气城堡备受推崇)。
As for "is DES secure enough for my data", well if the data you're protecting would be worth less than roughly $10,000 to an attacker, then back in 2009 it was probably just secure enough. And in 2014, if your data is worth encrypting at all, the answer is no.
至于“DES 对我的数据是否足够安全”,如果你保护的数据对攻击者来说价值不到大约 10,000 美元,那么在 2009 年它可能已经足够安全了。2014 年,如果您的数据值得加密,答案是否定的。
回答by Ben S
You should not be keeping the passwords in any form other than saltedhash digests.
You should then use the operating system permission system to make it such that the hashed password file is only readable by the user which validates passwords.
然后,您应该使用操作系统权限系统来确保散列密码文件只能由验证密码的用户读取。
回答by Jason Fritcher
If you have Java 6 available, everything you need is available. Check out this questionand look at the accepted answer for a code sample. Since you want to encrypt files, the iv that is generated should be prepended to the file you are writing the ciphertext to, so that it is available during the decryption.
如果您有可用的 Java 6,那么您需要的一切都可用。查看此问题并查看代码示例的已接受答案。由于您要加密文件,因此生成的 iv 应预先添加到您要写入密文的文件中,以便在解密期间可用。
