Java或MySQL中的密码加密? [英] Encryption of Password in Java or MySQL?
问题描述
我正在尝试在用户注册时使用MD5加密密码,并在登录时进行匹配..我正在使用Mysql作为数据库..Mysql也提供了将密码转换为MD5(即MD5(密码))的选项. ..我想知道哪种方法是更好的加密方法..是使用Java代码还是mysql查询..
I am trying to encrypt the password using MD5 in user registration and matching the same during logging in.. I am using Mysql as my database.. Mysql too offers an option to convert password into MD5(ie MD5(password)).. I want to know which is the better way to encrypt it.. is it using java code or mysql query..
谢谢.
推荐答案
不存储密码.如果它曾经坐在磁盘上,它可能是 被盗.而是存储密码散列.使用正确的 哈希 算法 ,例如 SHA256 , BCrypt 或
Don't store passwords. If it's ever sitting on a disk, it can be stolen. Instead, store password hashes. Use the right hashing algorithm, like SHA256, BCrypt or Salt the hash.
以下是您必须看到的一些有用链接:
Here are some useful links you must see:
- 如何最好地存储用户信息和用户登录名和密码
- 存储数据库密码的最佳做法
- 密码管理最佳做法(从坚果到汤,而不仅仅是存储或生成)
- 为密码设置密码:最佳做法?
- 哈希和加密算法之间的根本区别
- http://www.jasypt.org/howtoencryptuserpasswords.html
- http://www.codinghorror .com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html
- Java-哈希算法-最快的实现
- 用Java快速实现MD5
- https://security.stackexchange.com/questions/12009/definitely-safest -password-storage-scheme
- How to best store user information and user login and password
- Best practices for storing database passwords
- Password Management Best Practices (soup to nuts, not just storage or generation)
- Salting Your Password: Best Practices?
- Is it ever ok to store password in plain text in a php variable or php constant?
- Fundamental difference between Hashing and Encryption algorithms
- http://www.jasypt.org/howtoencryptuserpasswords.html
- http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html
- Java - Hash algorithms - Fastest implementations
- Fast MD5 Implementation in Java
- https://security.stackexchange.com/questions/12009/definitely-safest-password-storage-scheme
希望这会有所帮助.
这篇关于Java或MySQL中的密码加密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!