Java PBEWithMD5AndDES [英] Java PBEWithMD5AndDES
问题描述
从您的意见中可以看出,您想要做的是使用密码加密包含敏感信息的文件基于密码的加密方案,具有用户在解密时提供的密码。这种情况下的敏感信息也恰好是密码,但这并不真正相关。 (你应该可以更新这个问题,让这个更清楚)。
你正在做正确的事情,你的问题只是SunJCE Java加密提供商不支持AES用于基于密码的加密。您需要使用其他提供商:例如,您可以使用 Bouncy Castle 提供商算法PBEWITHSHA256AND128BITAES-CBC-BC
。 (尽管有异想天开的名字,Bouncy Castle是非常受人尊敬的)。
至于我的数据是否足够安全,那么如果你保护的数据对攻击者的价值要低于大约1万美元,那么在2009年,它可能足够安全。而在2014年,如果您的数据完全值得加密,则答案为否。
I am using password based encryption. My initial thought was to use AES to encrypt the file which contains passwords. Turns out password based encryption does not support AES. It uses DES. AFAIK des is not secure. Is PBEWithMD5AndDES secure enough to thrust my data or should i look for another implementation?
It appears from your comments that what you would like to do is to encrypt a file which contains sensitive information, using a password-based encryption scheme, with a password provided by the user at decrypt-time. The sensitive information in this case also happens to be passwords, but that isn't really relevant. (You should probably update the question to make this more clear).
You are doing the right thing, your problem is just that the SunJCE Java cryptography provider doesn't support AES for password-based encryption. You need to use an alternative provider which does: for example, you could use the Bouncy Castle provider with the algorithm "PBEWITHSHA256AND128BITAES-CBC-BC"
. (Despite the whimsical name, Bouncy Castle is well-respected).
As for "is DES secure enough for my data", well if the data you're protecting would be worth less than roughly $10,000 to an attacker, then back in 2009 it was probably just secure enough. And in 2014, if your data is worth encrypting at all, the answer is no.
这篇关于Java PBEWithMD5AndDES的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!