我对密码学很新,我BouncyCasetle API
用来加密密码并将其存储在数据库中.对于加密我使用SHA-1
算法,我想盐密码,以防止它再次字典攻击.
任何帮助,将不胜感激.
我建议使用基于密码的密钥派生函数而不是基本哈希函数.像这样的东西:
// tuning parameters // these sizes are relatively arbitrary int seedBytes = 20; int hashBytes = 20; // increase iterations as high as your performance can tolerate // since this increases computational cost of password guessing // which should help security int iterations = 1000; // to save a new password: SecureRandom rng = new SecureRandom(); byte[] salt = rng.generateSeed(seedBytes); Pkcs5S2ParametersGenerator kdf = new Pkcs5S2ParametersGenerator(); kdf.init(passwordToSave.getBytes("UTF-8"), salt, iterations); byte[] hash = ((KeyParameter) kdf.generateDerivedMacParameters(8*hashBytes)).getKey(); // now save salt and hash // to check a password, given the known previous salt and hash: kdf = new Pkcs5S2ParametersGenerator(); kdf.init(passwordToCheck.getBytes("UTF-8"), salt, iterations); byte[] hashToCheck = ((KeyParameter) kdf.generateDerivedMacParameters(8*hashBytes)).getKey(); // if the bytes of hashToCheck don't match the bytes of hash // that means the password is invalid