如何在数据库中存储加密的密码？ [英] How to store password encrypted in database?

问题描述

我试图在JSP和Servlets的帮助下以密码形式将密码存储到数据库中。

I am trying to store the password into the database in the encrypted form with the help of JSP and Servlets. How I can do that?

推荐答案

自写算法是一种安全风险，维护起来很痛苦。

MD5是不安全。

Self-written algorithms are a security risk, and painful to maintain.
MD5 is not secure.

使用由 jBcrypt （open）提供的bcrypt算法源码）：

Use the bcrypt algorithm, provided by jBcrypt (open source):

// Hash a password
String hashed = BCrypt.hashpw(password, BCrypt.gensalt());

// Check that an unencrypted password matches or not
if (BCrypt.checkpw(candidate, hashed))
    System.out.println("It matches");
else
    System.out.println("It does not match");

如果使用Maven，您可以通过在pom.xml中插入以下依赖关系来获取库（如果有较新版本可用，请与我联系）：

If you use Maven, you can get the library by inserting the following dependency in your pom.xml (if a newer version is available please let me know):

<dependency>
    <groupId>de.svenkubiak</groupId>
    <artifactId>jBCrypt</artifactId>
    <version>0.4.1</version>
</dependency>

这篇关于如何在数据库中存储加密的密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！