概述
PBKDF2(Password-Based Key Derivation Function),PBKDF2简单而言就是将salted hash进行多次重复计算,这个次数是可选择的。如果计算一次所需要的时间是1微秒,那么计算1百万次就需要1秒钟。假如攻击一个密码所需的rainbow table有1千万条,建立所对应的rainbow table所需要的时间就是115天。这个代价足以让大部分的攻击者忘而生畏。
Java 代码:
public static void main(String[] args) throws NoSuchAlgorithmException,
InvalidKeySpecException {
String originalPassword = "password";
String generatedSecuredPasswordHash = generateStorngPasswordHash(originalPassword);
System.out.println(generatedSecuredPasswordHash);
boolean matched = validatePassword("password",
generatedSecuredPasswordHash);
System.out.println(matched);
matched = validatePassword("password1", generatedSecuredPasswordHash);
System.out.println(matched);
}
/**
* 说明 :判断加密数据与原始数据是否一致
*/
private static boolean validatePassword(String originalPassword,
String storedPassword) throws NoSuchAlgorithmException,
InvalidKeySpecException {
String[] parts = storedPassword.split(":");
int iterations = Integer.parseInt(parts[0]);
byte[] salt = toByte(parts[1]);
byte[] hash = toByte(parts[2]);
PBEKeySpec spec = new PBEKeySpec(originalPassword.toCharArray(), salt,
iterations, hash.length * 8);
SecretKeyFactory skf = SecretKeyFactory
.getInstance("PBKDF2WithHmacSHA1");
byte[] testHash = skf.generateSecret(spec).getEncoded();
int diff = hash.length ^ testHash.length;
for (int i = 0; i < hash.length && i < testHash.length; i++) {
diff |= hash[i] ^ testHash[i];
}
return diff == 0;
}
/**
* 说明 :16进制字符串转byte数组
*/
public static byte[] toByte(String hexString) {
hexString = hexString.replaceAll(" ", "");
int len = hexString.length() / 2;
byte[] result = new byte[len];
for (int i = 0; i < len; i++)
result[i] = Integer.valueOf(hexString.substring(2 * i, 2 * i + 2),
16).byteValue();
return result;
}
/**
*
* 说明 :PBKDF2WithHmacSHA1加盐加密
*
*/
private static String generateStorngPasswordHash(String password)
throws NoSuchAlgorithmException, InvalidKeySpecException {
int iterations = 1000;
char[] chars = password.toCharArray();
byte[] salt = getSalt().getBytes();
PBEKeySpec spec = new PBEKeySpec(chars, salt, iterations, 12 * 8);
SecretKeyFactory skf = SecretKeyFactory
.getInstance("PBKDF2WithHmacSHA1");
byte[] hash = skf.generateSecret(spec).getEncoded();
return iterations + ":" + bytes2Hex(salt) + ":" + bytes2Hex(hash);
}
/**
* 说明 :生成随机盐
*/
private static String getSalt() throws NoSuchAlgorithmException {
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
byte[] salt = new byte[16];
sr.nextBytes(salt);
return salt.toString();
}
/**
* 说明 :byte数组转换为16进制字符串
*/
public static String bytes2Hex(byte[] bts) {
String des = "";
String tmp = null;
for (int i = 0; i < bts.length; i++) {
tmp = (Integer.toHexString(bts[i] & 0xFF));
if (tmp.length() == 1) {
des += "0";
}
des += tmp;
}
return des;
}最后
以上就是兴奋歌曲为你收集整理的Java/Android中的PBKDF2加密认证的全部内容,希望文章能够帮你解决Java/Android中的PBKDF2加密认证所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复