How to login with md5 hashed passwords?

Problem description

I have hashed my passwords and stored them in a database. But I cannot login without decrypting the password. How do I do this?

My code that tries to do it but doesn't work:

@RequestMapping(method = RequestMethod.POST)
public String processLogin(Person user, BindingResult result, 
                           @RequestParam("userName") String username, 
                           @RequestParam("password") String password) {
    try {
        password = Hex.encodeHexString(MessageDigest.getInstance("SHA-256").digest());
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    ValidateUser(username, password);

    String destination = "";
    if (success == true) {
        destination = "redirect:/person.html";
    }
    else {
        destination = "redirect:/index.html";
    }
    return destination;
}

public boolean ValidateUser(String username, String password) {
    // Decrypt password here.
    List<Person> users = service.getAllPersons();

    for (Person allUsers : users) {
        if (allUsers.getUserName().equals(username) && 
            allUsers.getPassword().equals(password)) {
            success = true;
        }
    }
    return success;
}

And here is my md5 cryption:

public void setPassword(String password) {
    String md5 = null;
    try {
        // Create MessageDigest object for MD5
        MessageDigest digest = MessageDigest.getInstance("MD5");

        // Update input string in message digest
        digest.update(password.getBytes(), 0, password.length());

        // Converts message digest value in base 16 (hex)
        md5 = new BigInteger(1, digest.digest()).toString(16);

    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    this.password = md5;
}


Recommended answer

You don't decrypt an MD5 hash; you encode the password provided by the user and check it against the hash in the database.

For extra security you should also add a salt to the password before hashing. MD5 is not a good hashing algorithm for passwords, as it's designed for speed; that's the opposite of what you want. You want the password generation to be relatively slow, so use a more secure algorithm, and hash multiple times.

You can generate a hash using SHA-256:

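// Hash the password with SHA-256 (requires java.security.MessageDigest)
MessageDigest md = MessageDigest.getInstance("SHA-256");
String password = "some password";

// Feed the UTF-8 bytes of the password to the digest
md.update(password.getBytes("UTF-8"));
// Raw 32-byte hash; hex- or Base64-encode it before storing
byte[] digest = md.digest();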

Use the same algorithm when you insert the hash into the database, as when you receive the password during login, and match the hashes in the database.
