当存储的密码？ [英] Where to store password?

问题描述

我写一个Android密码管理应用程序，我想在一些地方保存主密码，但我不知道在哪里。我应该加密，用户给了我一个，我选择，然后将其保存到数据库中硬codeD密码主密码？或者我应该做些别的事情？

I am writing an android password manager application and i want to store the master password somewhere but i don't know where. Should i encrypt the master password that the user gives me with a hard coded password that i choose and then store it to the database? or should i do something else?

推荐答案

您永远不应该存储未加密密码。

You should never store unencrypted passwords.

有关的密码，你不能安全加密（因为你必须在某处存储解密密钥），你应该只保存它的一个不可逆的哈希值。

For passwords, that you can't encrypt safely (because you have to store the decryption key somewhere), you should only store a unreversible hash of it.

这样，你可以在用户给你的密码，密码比较散。如果匹配，你可以解密存储的用户：口令对给定的密码

That way you can compare the password to the hash when the user gives you the password. If it matches, you can decrypt the stored user:password pairs with the given password.

PS：不要忘了盐的哈希和请做正确

PS: Don't forget to salt the hash and please do it properly.

这篇关于当存储的密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！