使用char []生成MD5哈希 [英] Generating an MD5 Hash with a char[]

问题描述

如何转换使用此方法获得的char []密码：

  char [] password = passwordInputField。获取密码（）; 
  

到MD5哈希？通常我会使用下面的方法，但getBytes只与字符串兼容：

  MessageDigest md = MessageDigest.getInstance（MD5 ）; 
 md.update（password.getBytes（））; 
 String hashedPass = new BigInteger（1，md.digest（））。toString（16）; 
  

解决方案

注意：散列算法不应该用于密码存储，因为散列很容易被破解。不过，我会用它来简单。

quick / easy / UNSECURE修复程序将把char数组转换为字符串。但是，这是不安全的，因为字符串是不可变的，不能从内存中清除。

 字符串密码= new String（passwordInputField。获取密码（））; 
 
 MessageDigest md = MessageDigest.getInstance（MD5）; 
 md.update（password.getBytes（））; 
 String hashedPass = new BigInteger（1，md.digest（））。toString（16）; 
  

更安全的解决方案：将char []转换为byte []并清除内存中的数组

  private byte [] toBytes（char [] chars）{
 CharBuffer charBuffer = CharBuffer.wrap（chars ）; 
 ByteBuffer byteBuffer = Charset.forName（UTF-8）。encode（charBuffer）; 
 byte [] bytes = Arrays.copyOfRange（byteBuffer.array（），
 byteBuffer.position（），byteBuffer.limit（））; 
 Arrays.fill（charBuffer.array（），'\\\'）; //清除敏感数据
 Arrays.fill（byteBuffer.array（），（byte）0）; //清除敏感数据
返回字节; 
} 
 
 char [] passChars = passwordInputField.getPassword（）; 
 byte [] passBytes = toBytes（passChars）; 
 
 MessageDigest md = MessageDigest.getInstance（MD5）; 
 md.update（passBytes）; 
 String hashedPass = new BigInteger（1，md.digest（））。toString（16）; 
 
 Arrays.fill（passChars，'\\\'）; //清除敏感数据
 Arrays.fill（passBytes，（byte）0）; //清除敏感数据
  

编辑： $ b

使用更安全的解决方案更新了答案（对于这个想法信任user2656928）。

char [] to byte [] method credit to andreyne

How would one go about converting a char[] password obtained using this method:

char[] password = passwordInputField.getPassword();

To an MD5 Hash? Normally I would use the method below, but getBytes is only compatible with Strings:

MessageDigest md = MessageDigest.getInstance("MD5");
md.update(password.getBytes());
String hashedPass = new BigInteger(1, md.digest()).toString(16);

解决方案

NOTE: The MD5 Hashing Algorithm should never be used for password storage, as it's hashes are easily cracked. However, I will use it for simplicity.

The quick/easy/UNSECURE fix would be to convert the char array to a string. However, this is unsecure because strings are immutable and can't be cleared from memory.

String password = new String(passwordInputField.getPassword());

MessageDigest md = MessageDigest.getInstance("MD5");
md.update(password.getBytes());
String hashedPass = new BigInteger(1, md.digest()).toString(16);

A more secure solution: convert the char[] to a byte[] and clear the arrays from memory afterward.

private byte[] toBytes(char[] chars) {
    CharBuffer charBuffer = CharBuffer.wrap(chars);
    ByteBuffer byteBuffer = Charset.forName("UTF-8").encode(charBuffer);
    byte[] bytes = Arrays.copyOfRange(byteBuffer.array(),
            byteBuffer.position(), byteBuffer.limit());
    Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data
    Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
    return bytes;
}

char[] passChars = passwordInputField.getPassword();
byte[] passBytes = toBytes(passChars);

MessageDigest md = MessageDigest.getInstance("MD5");
md.update(passBytes);
String hashedPass = new BigInteger(1, md.digest()).toString(16);

Arrays.fill(passChars, '\u0000'); // clear sensitive data
Arrays.fill(passBytes, (byte) 0); // clear sensitive data

EDIT:

Updated answer with a more secure solution (credit to user2656928 for the idea).

char[] to byte[] method credit to andreyne

这篇关于使用char []生成MD5哈希的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！