How to encrypt passwords using the BouncyCastle API in Java?

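I am very new to cryptography. I am using the BouncyCastle API to encrypt passwords and store them in a database. For encryption I am using the SHA-1 algorithm, and I want to encrypt the password to protect it against dictionary attacks.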

Any help would be appreciated.

Best answer
I suggest using a password-based key derivation function rather than a basic hash function. Something like this:

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.params.KeyParameter;

// tuning parameters

// these sizes are relatively arbitrary
int seedBytes = 20;
int hashBytes = 20;

// increase iterations as high as your performance can tolerate
// since this increases computational cost of password guessing
// which should help security
int iterations = 1000;

// to save a new password:

SecureRandom rng = new SecureRandom();
byte[] salt = rng.generateSeed(seedBytes);

// the Java class is PKCS5S2ParametersGenerator (PBKDF2, HMAC-SHA1 by default)
PKCS5S2ParametersGenerator kdf = new PKCS5S2ParametersGenerator();
kdf.init(passwordToSave.getBytes(StandardCharsets.UTF_8), salt, iterations);

byte[] hash =
    ((KeyParameter) kdf.generateDerivedMacParameters(8*hashBytes)).getKey();

// now save salt and hash

// to check a password, given the known previous salt and hash:

kdf = new PKCS5S2ParametersGenerator();
kdf.init(passwordToCheck.getBytes(StandardCharsets.UTF_8), salt, iterations);

byte[] hashToCheck =
    ((KeyParameter) kdf.generateDerivedMacParameters(8*hashBytes)).getKey();

// if the bytes of hashToCheck don't match the bytes of hash
// that means the password is invalid
// (MessageDigest.isEqual compares the two arrays in constant time)
boolean valid = MessageDigest.isEqual(hash, hashToCheck);
