Java或MySQL中的密码加密? [英] Encryption of Password in Java or MySQL?

问题描述

我正在尝试在用户注册时使用MD5加密密码，并在登录时进行匹配..我正在使用Mysql作为数据库..Mysql也提供了将密码转换为MD5(即MD5(密码))的选项. ..我想知道哪种方法是更好的加密方法..是使用Java代码还是mysql查询..

I am trying to encrypt the password using MD5 in user registration and matching the same during logging in.. I am using Mysql as my database.. Mysql too offers an option to convert password into MD5(ie MD5(password)).. I want to know which is the better way to encrypt it.. is it using java code or mysql query..

谢谢.

推荐答案

不存储密码.如果它曾经坐在磁盘上，它可能是 被盗.而是存储密码散列.使用正确的 哈希 算法 ，例如 SHA256 ， BCrypt 或

Don't store passwords. If it's ever sitting on a disk, it can be stolen. Instead, store password hashes. Use the right hashing algorithm, like SHA256, BCrypt or Salt the hash.

以下是您必须看到的一些有用链接:

Here are some useful links you must see:

• 如何最好地存储用户信息和用户登录名和密码
• 存储数据库密码的最佳做法
• 密码管理最佳做法(从坚果到汤，而不仅仅是存储或生成)
• 为密码设置密码:最佳做法?
• 哈希和加密算法之间的根本区别
• http://www.jasypt.org/howtoencryptuserpasswords.html
• http://www.codinghorror .com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html
• Java-哈希算法-最快的实现
• 用Java快速实现MD5
• https://security.stackexchange.com/questions/12009/definitely-safest -password-storage-scheme

• How to best store user information and user login and password
• Best practices for storing database passwords
• Password Management Best Practices (soup to nuts, not just storage or generation)
• Salting Your Password: Best Practices?
• Is it ever ok to store password in plain text in a php variable or php constant?
• Fundamental difference between Hashing and Encryption algorithms
• http://www.jasypt.org/howtoencryptuserpasswords.html
• http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html
• Java - Hash algorithms - Fastest implementations
• Fast MD5 Implementation in Java
• https://security.stackexchange.com/questions/12009/definitely-safest-password-storage-scheme

希望这会有所帮助.

这篇关于Java或MySQL中的密码加密?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！