Passwords usually have to be stored in the system in ciphertext form, so the plaintext password normally has to be encrypted while it is being processed.
Encryption methods can be divided into two kinds: two-way encryption and one-way encryption.
- Two-way encryption: put simply, the ciphertext can be decrypted back to plaintext with the key. Commonly used algorithms: DES, IDEA, RC2, RC4, Skipjack, RC5, AES.
- One-way encryption, by contrast, is irreversible. Common examples are hash functions such as MD5 and SHA.
Two-way encryption is further divided into symmetric and asymmetric encryption, depending on whether the encryption key and the decryption key are the same: with symmetric encryption the same key encrypts and decrypts, with asymmetric encryption the two keys differ.
Ordinary one-way hashes are easy to crack. With plain MD5, for example, an attacker only needs a simple SQL statement:
SELECT * from UserInfo where password='4qrcoum6wau+vubx8g+ipg=='
to find out that several users' passwords are "123456", which is dangerous for a project. Therefore a random string is usually prepended to the password before it is hashed. This string is called a salt.
A salt is a random sequence that is mixed into the hashing of the user's password. This mechanism defeats rainbow tables, which rely on pre-computed results. Each user gets his or her own salt, so even if two users choose the same password, the stored hash values differ once the salt is added. There is, however, some disagreement about where to store the salt and the ciphertext: sometimes it is convenient to keep them together, and sometimes the two are kept apart for security reasons. Since the PBKDF2 algorithm guards against brute force through its key-derivation mechanism, I don't think it is necessary to hide the salt, and I store it in the same place as the ciphertext.
This article mainly shares a PBKDF2 cryptographic tool class, as follows.
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.codec.binary.Base64; // Apache Commons Codec, for encodeBase64/decodeBase64

public class PasswordsUtils {

    public static final int HASH_MILLIS = 1231; // not used by the methods below
    // The original post shows a placeholder string here; "PBKDF2WithHmacSHA1" is the standard JCE name for PBKDF2.
    public static final String ALGORITHM = "PBKDF2WithHmacSHA1";
    public static final int ITERATION_COUNT = 123123;
    public static final int KEY_SIZE = 123;    // derived key length in bits, as passed to PBEKeySpec
    public static final int SALT_LENGTH = 123; // salt length in bytes

    /**
     * Get a fresh salt.
     * @author Chen Fanglin
     * @return Base64-encoded random salt
     * @date 9:28:18 am
     */
    public static String getSalt() {
        String salt = new String(Base64.encodeBase64(nextSalt()));
        return salt;
    }

    /**
     * Password encryption.
     * @author cfl
     * @param salt     Base64-encoded salt
     * @param password plaintext password
     * @return Base64-encoded ciphertext after salting
     * @throws GeneralSecurityException if the key derivation fails
     * @date July 20, 2015 18:36:21
     */
    public static String encryptPassword(String salt, String password) throws GeneralSecurityException {
        byte[] saltByte = Base64.decodeBase64(salt.getBytes());
        byte[] hash = PasswordsUtils.hashPassword(password.toCharArray(), saltByte);
        String pwdHashStr = new String(Base64.encodeBase64(hash));
        return pwdHashStr;
    }

    public static byte[] hashPassword(char[] password, byte[] salt) throws GeneralSecurityException {
        return hashPassword(password, salt, ITERATION_COUNT, KEY_SIZE);
    }

    /** Derive a PBKDF2 key from the password and salt; the result is the stored password hash. */
    public static byte[] hashPassword(char[] password, byte[] salt, int iterationCount, int keySize)
            throws GeneralSecurityException {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, iterationCount, keySize);
            SecretKeyFactory factory = SecretKeyFactory.getInstance(ALGORITHM);
            return factory.generateSecret(spec).getEncoded();
        } catch (IllegalArgumentException e) {
            throw new GeneralSecurityException("Key size " + keySize, e);
        }
    }

    public static boolean matches(char[] password, byte[] passwordHash, byte[] salt) throws GeneralSecurityException {
        return matches(password, passwordHash, salt, ITERATION_COUNT, KEY_SIZE);
    }

    /** Re-derive the hash from the candidate password and compare it with the stored one. */
    public static boolean matches(char[] password, byte[] passwordHash, byte[] salt, int iterationCount, int keySize)
            throws GeneralSecurityException {
        // MessageDigest.isEqual compares in constant time; Arrays.equals (used in the original) stops at the
        // first differing byte and leaks timing information.
        return MessageDigest.isEqual(passwordHash, hashPassword(password, salt, iterationCount, keySize));
    }

    /** Generate SALT_LENGTH random bytes from a cryptographically strong RNG. */
    public static byte[] nextSalt() {
        byte[] salt = new byte[SALT_LENGTH];
        SecureRandom sr = new SecureRandom();
        sr.nextBytes(salt);
        return salt;
    }
}
Validation examples
public static boolean checkPassword(String inputPassword) throws GeneralSecurityException {
    // inputPassword is the password entered by the user
    UserInfo userinfo = SessionManager.getLoginUser();
    String salt = userinfo.getSalt();
    String realPassword = userinfo.getPassword(); // stored ciphertext
    // ciphertext of the user-entered password, computed with the stored salt
    String encryptPassword = PasswordsUtils.encryptPassword(salt, inputPassword);
    // constant-time comparison of the two Base64 strings (String.equals would leak timing information)
    return MessageDigest.isEqual(encryptPassword.getBytes(StandardCharsets.UTF_8),
                                 realPassword.getBytes(StandardCharsets.UTF_8));
}
Copyright notice: this is an original article by the blog author; do not reproduce it without the author's permission.
Java Edition PBKDF2 validation