Store and validate hashed password with salt


Question

I simulate storing password hashes and validating them in the login process.

I have a method called hashPassword(String password) that takes a String password and returns its hash with a salt added.

I chose a static value for the salt, and in this example I chose an identical value for the password (hello123).

import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class T1 {

    public static void main(String[] args) {
        String userDefinedPassword = "hello123";
        // Converts the byte[] hash to a String (the line the question is about)
        String hashedPassToStoreInDB = String.valueOf(hashPassword(userDefinedPassword));
        System.out.println("what stores in DB: " + hashedPassToStoreInDB);
        // store in database

        // Password verify
        String inputPassword = "hello123";
        String hashedInputPassword = String.valueOf(hashPassword(inputPassword));
        System.out.println("Users hashed password: " + hashedInputPassword);

        if (hashedPassToStoreInDB.equals(hashedInputPassword)) {
            System.out.println("Correct");
        } else {
            System.out.println("Incorrect");
        }
    }

    // PBKDF2-HMAC-SHA1, 65536 iterations, 128-bit output, with a fixed 16-byte salt
    private static byte[] hashPassword(String password) {
        byte[] salt = new byte[16];
        byte[] hash = null;
        for (int i = 0; i < 16; i++) {
            salt[i] = (byte) i;
        }
        try {
            KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 128);
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
            hash = f.generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException nsale) {
            nsale.printStackTrace();
        } catch (InvalidKeySpecException ikse) {
            ikse.printStackTrace();
        }
        return hash;
    }
}

But the result is:

what stores in DB: [B@219c9a58
Users hashed password: [B@305918a5
Incorrect

Why are these two values not identical?

What is wrong with my code?

Solution

The problem is here:

String hashedPassToStoreInDB = String.valueOf(hashPassword(userDefinedPassword));

and here:

String hashedInputPassword = String.valueOf(hashPassword(inputPassword));

You're creating a String from the byte[] returned from the hashPassword method, but using the wrong method. Since there's no overload for byte[] in the String#valueOf method, it ends up calling String#valueOf(Object obj), which will use Object#toString internally, and the string representation of an array by itself is meaningless.

Use new String(byte[] byteArray) instead.

String hashedPassToStoreInDB = new String(hashPassword(userDefinedPassword));
//...
String hashedInputPassword = new String(hashPassword(inputPassword));
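As an added example (my own code, not the asker's or the answerer's), here is the same store-and-verify flow written the way it would go into a real login path: a fresh random salt per password, a Base64 text encoding so the stored string survives the byte[]-to-String round trip without charset loss, and a constant-time comparison. The PBKDF2 parameters are the ones from the question; the class and method names, the "iterations:salt:hash" record layout and the `throws Exception` shorthand are my own choices.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltedPasswordStore {
    // Same PBKDF2 parameters as the question's hashPassword method.
    private static final String ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final int ITERATIONS = 65536;
    private static final int KEY_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();

    // Raw PBKDF2 output for a password under a given salt and iteration count.
    private static byte[] pbkdf2(char[] password, byte[] salt, int iterations, int bits) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, bits);
        return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).getEncoded();
    }

    // Record to store: "iterations:base64(salt):base64(hash)". A fresh random salt is
    // drawn per password, so two users with the same password get different records.
    public static String hashForStorage(char[] password) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        byte[] hash = pbkdf2(password, salt, ITERATIONS, KEY_BITS);
        Base64.Encoder enc = Base64.getEncoder();
        return ITERATIONS + ":" + enc.encodeToString(salt) + ":" + enc.encodeToString(hash);
    }

    // Verify a login attempt: read the salt and iteration count back from the record,
    // recompute the hash, and compare in constant time (MessageDigest.isEqual).
    public static boolean verify(char[] password, String stored) throws Exception {
        String[] parts = stored.split(":");
        if (parts.length != 3) return false;
        Base64.Decoder dec = Base64.getDecoder();
        byte[] salt = dec.decode(parts[1]);
        byte[] expected = dec.decode(parts[2]);
        byte[] actual = pbkdf2(password, salt, Integer.parseInt(parts[0]), expected.length * 8);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        String record = hashForStorage("hello123".toCharArray());
        System.out.println("what stores in DB: " + record);
        System.out.println(verify("hello123".toCharArray(), record) ? "Correct" : "Incorrect");
        System.out.println(verify("hello124".toCharArray(), record) ? "Correct" : "Incorrect");
    }
}
```

Because the salt is random, the stored record differs on every run; verification still succeeds because the salt is read back from the record rather than recomputed.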
