使用PBKDF2 Java解密和加密 [英] Decrypt and encrypt using PBKDF2 java

问题描述

有没有一种方法可以解密Java中的 PBKDF2 密码.Java已将 PBKDF2 算法实现为 PBKDF2WithHmacSHA1 .我得到了创建密码哈希的代码.我在下面提到了哈希技术的链接:

Is there a way to decrypt PBKDF2 password in java. Java has implementation of PBKDF2 algorithm as PBKDF2WithHmacSHA1. I got the code to create hashes for password. I referred to below link for hashing technique:

>://howtodoinjava.com/security/how-to-generate-secure-password-hash-md5-sha-pbkdf2-bcrypt-examples/

我的要求是以加密格式存储第三方FTP服务器密码，并在需要登录服务器时以纯文本格式从DB取回密码.有人可以建议最好的密码加密方法吗?

My requirement is to store the third Party FTP server password in the encrypted format and get back the password in plain text form from DB when there is a need to login into the server. Can anyone suggest best password encryption method?

推荐答案

请注意，PBKDF2是一种哈希方法，而不是加密方法(准确地说:它是一种从密码派生加密密钥的方法，但是它也经常用作密码哈希方法).PBKDF2的全部目的在于，除了通过蛮力猜测之外，还不可能获得原始密码，并且也要使其尽可能地难.

Note that PBKDF2 is a hashing-method rather than an encryption-method (to be precise: it is a method to derive an encryption-key from a password but it is frequently used as a password-hashing method as well). The whole point of PBKDF2 is to make it impossible to get the original password other than by brute-force guessing and make that as hard as possible too.

如果您在谈论用户的密码:您应该根本无法弄清楚他们的密码-如果您输入密码并让我知道(例如，通过显示我的密码)，我会立即将您的整个网站标记为不安全.

If you are talking about your users' passwords: you should not be able to get them in clear at all - if you did and let me know (e.g. by showing me my password) I'd instantly mark your whole site as insecure.

如果您需要为应用程序保留加密的密码才能访问其他服务，则PBKDF2是该工作的错误工具，请改用AES等真实的加密算法.

If you need to keep an encrypted password for your application to access another service then PBKDF2 is the wrong tool for the job, use a real encryption-algorithm like AES instead.

这篇关于使用PBKDF2 Java解密和加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！