如何使用Java中的BouncyCastle API加密和解密密码? [英] How to encrypt and salt the password using BouncyCastle API in Java?
本文介绍了如何使用Java中的BouncyCastle API加密和解密密码?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
加密我很新,我正在使用 BouncyCasetle API
加密密码,并将其存储在数据库。对于加密我正在使用 SHA-1
算法,我想要使用密码来防止它再次发生字典攻击。
I am fairly new to cryptography and I am using BouncyCasetle API
to encrypt password and store it in the database. For encryption I am using SHA-1
algorithm and I want to salt the password to prevent it agains dictionary attacks.
任何帮助将不胜感激。
推荐答案
我建议使用基于密码的密钥推导函数而不是基本的哈希函数。这样的东西:
I'd recommend use of a Password-Based Key Derivation Function instead of a basic hash function for this. Something like this:
// tuning parameters
// these sizes are relatively arbitrary
int seedBytes = 20;
int hashBytes = 20;
// increase iterations as high as your performance can tolerate
// since this increases computational cost of password guessing
// which should help security
int iterations = 1000;
// to save a new password:
SecureRandom rng = new SecureRandom();
byte[] salt = rng.generateSeed(seedBytes);
Pkcs5S2ParametersGenerator kdf = new Pkcs5S2ParametersGenerator();
kdf.init(passwordToSave.getBytes("UTF-8"), salt, iterations);
byte[] hash =
((KeyParameter) kdf.generateDerivedMacParameters(8*hashBytes)).getKey();
// now save salt and hash
// to check a password, given the known previous salt and hash:
kdf = new Pkcs5S2ParametersGenerator();
kdf.init(passwordToCheck.getBytes("UTF-8"), salt, iterations);
byte[] hashToCheck =
((KeyParameter) kdf.generateDerivedMacParameters(8*hashBytes)).getKey();
// if the bytes of hashToCheck don't match the bytes of hash
// that means the password is invalid
这篇关于如何使用Java中的BouncyCastle API加密和解密密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文