PBKDF2 (Password-Based Key Derivation Function 2).
Passwords are protected with a hash function, not with encryption. A hash function is one-way: input of any size is converted into a fixed-length "fingerprint" that cannot be reversed back into the input, and changing the input even slightly produces a completely different result. This makes hashing suitable for storing passwords: we store a value from which the password cannot be recovered, yet we can still verify each user's password by hashing the submitted value and comparing it with the stored one. A plain hash, however, can still be cracked by dictionary and brute-force attacks, because the attacker can hash candidate passwords at very high speed. PBKDF2 counters this by repeating the hash a configurable number of times (the iteration count), so that every guess costs the attacker as much work as it costs the verifier.
Add salt to the password. A salt is a random byte sequence that is mixed into the password during hashing. It defeats rainbow tables, which crack hashes by looking them up in precomputed results: with a salt the attacker would need a separate table for every salt value. Each user gets their own salt, so even two users with the same password end up with different hash values. To verify a password later we need the salt again, so it is stored in the account database alongside the password hash, or directly as part of the hash string.
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordEncryption {

    public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";

    /** Salt length in bytes (16 bytes = 32 hex characters). */
    public static final int SALT_BYTE_SIZE = 32 / 2;

    /** Length of the derived key in bits (512 bits = 128 hex characters). */
    public static final int HASH_BIT_SIZE = 128 * 4;

    /**
     * Iteration count (work factor). 1000 is low by today's standards;
     * raise it as far as your login latency budget allows.
     */
    public static final int PBKDF2_ITERATIONS = 1000;

    /**
     * Verify the password entered by the user.
     *
     * @param attemptedPassword password to be verified
     * @param encryptedPassword stored hash, hex encoded
     * @param salt              stored salt, hex encoded
     * @return true if the password matches the stored hash
     * @throws NoSuchAlgorithmException
     * @throws InvalidKeySpecException
     */
    public static boolean authenticate(String attemptedPassword, String encryptedPassword, String salt)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        // Hash the entered password with the same salt and the same parameters ...
        String encryptedAttemptedPassword = getEncryptedPassword(attemptedPassword, salt);
        // ... and compare with the stored hash. MessageDigest.isEqual runs in constant time,
        // unlike String.equals, so the comparison does not leak how many leading bytes matched.
        return MessageDigest.isEqual(fromHex(encryptedAttemptedPassword), fromHex(encryptedPassword));
    }

    /**
     * Generate the stored hash ("ciphertext").
     *
     * @param password clear-text password
     * @param salt     salt, hex encoded
     * @return PBKDF2 output, hex encoded
     * @throws NoSuchAlgorithmException
     * @throws InvalidKeySpecException
     */
    public static String getEncryptedPassword(String password, String salt)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeySpec spec = new PBEKeySpec(password.toCharArray(), fromHex(salt), PBKDF2_ITERATIONS, HASH_BIT_SIZE);
        SecretKeyFactory f = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
        return toHex(f.generateSecret(spec).getEncoded());
    }

    /**
     * Generate a salt from a cryptographically strong random number generator.
     *
     * @return salt, hex encoded
     * @throws NoSuchAlgorithmException
     */
    public static String generateSalt() throws NoSuchAlgorithmException {
        // Kept from the original; new SecureRandom() (the platform default) is the usual choice.
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        byte[] salt = new byte[SALT_BYTE_SIZE];
        random.nextBytes(salt);
        return toHex(salt);
    }

    /**
     * Hex string to bytes.
     *
     * @param hex the hex string
     * @return the hex string decoded into a byte array
     */
    private static byte[] fromHex(String hex) {
        byte[] binary = new byte[hex.length() / 2];
        for (int i = 0; i < binary.length; i++) {
            binary[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return binary;
    }

    /**
     * Bytes to hex string.
     *
     * @param array the byte array to convert
     * @return a string of length array.length * 2 encoding the byte array
     */
    private static String toHex(byte[] array) {
        BigInteger bi = new BigInteger(1, array);
        String hex = bi.toString(16);
        // BigInteger drops leading zeros; pad back to the full width.
        int paddingLength = (array.length * 2) - hex.length();
        if (paddingLength > 0) {
            return String.format("%0" + paddingLength + "d", 0) + hex;
        } else {
            return hex;
        }
    }
}
The first step is to generate a salt, then hash the original password together with the salt to obtain the stored value (the "ciphertext" in the code above). To verify, the password the user enters is hashed with the same salt, the same iteration count and the same algorithm, and the result is compared with the stored value: if they match, verification succeeds, otherwise it fails.
public static void main(String[] args) {
    String password = "Test";
    String salt;
    String ciphertext;
    try {
        salt = PasswordEncryption.generateSalt();
        ciphertext = PasswordEncryption.getEncryptedPassword(password, salt);
        boolean result = PasswordEncryption.authenticate(password, ciphertext, salt);
        System.out.println(password + " " + password.length());
        System.out.println(salt + " " + salt.length());
        System.out.println(ciphertext + " " + ciphertext.length());
        if (result) {
            System.out.println("succeed");
        } else {
            System.out.println("Failed");
        }
    } catch (NoSuchAlgorithmException e) {
        System.out.println("NoSuchAlgorithmException");
    } catch (InvalidKeySpecException e) {
        System.out.println("InvalidKeySpecException");
    }
}
The test results are:
Test 4
3aca9ca3fa80158b765ece7d0a45f2e8 32
592cb30e95efc720c5accf425ed5f2fe46aa332d9980e6daa234797de49cda731c2c18e667b4dd71ba33797a3dcddd312ff9b03d802bf1cc09aacb2a176cf741 128
succeed
Copyright notice: this article is the blogger's original work and may not be reproduced without the blogger's permission.
Implementation of PBKDF2 Encryption