首页 文章

如何在Java中散列密码?

提问于
浏览
152

我需要哈希密码以存储在数据库中 . 我怎么能用Java做到这一点?

我希望获取纯文本密码,添加随机盐,然后将salt和散列密码存储在数据库中 .

然后,当用户想要登录时,我可以获取他们提交的密码,从他们的帐户信息中添加随机盐,哈希并查看它是否等于存储的哈希密码及其帐户信息 .

10 回答

  • 6

    虽然已经提到NIST recommendation PBKDF2,但我想指出从2013年到2015年有一个公共password hashing competition . 最后, Argon2 被选为推荐的密码哈希函数 .

    您可以使用原始(本机C)库的相当好的Java binding .

    在平均用例中,如果您选择PBKDF2而不是Argon2,反之亦然,从安全角度来看,我认为不重要 . 如果您有强大的安全要求,我建议您在评估中考虑Argon2 .

    有关密码散列函数安全性的更多信息,请参见security.se .

  • 6

    实际上,您可以使用Java运行时内置的工具来执行此操作 . Java 6中的SunJCE支持PBKDF2,这是一种用于密码散列的好算法 .

    byte[] salt = new byte[16];
    random.nextBytes(salt);
    KeySpec spec = new PBEKeySpec("password".toCharArray(), salt, 65536, 128);
    SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    byte[] hash = f.generateSecret(spec).getEncoded();
    Base64.Encoder enc = Base64.getEncoder();
    System.out.printf("salt: %s%n", enc.encodeToString(salt));
    System.out.printf("hash: %s%n", enc.encodeToString(hash));
    

    这是一个可用于PBKDF2密码验证的实用程序类:

    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.spec.InvalidKeySpecException;
    import java.security.spec.KeySpec;
    import java.util.Arrays;
    import java.util.Base64;
    import java.util.regex.Matcher;
    import java.util.regex.Pattern;
    
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.PBEKeySpec;
    
    /**
     * Hash passwords for storage, and test passwords against password tokens.
     * 
     * Instances of this class can be used concurrently by multiple threads.
     *  
     * @author erickson
     * @see <a href="http://stackoverflow.com/a/2861125/3474">StackOverflow</a>
     */
    public final class PasswordAuthentication
    {
    
      /**
       * Each token produced by this class uses this identifier as a prefix.
       */
      public static final String ID = "$31$";
    
      /**
       * The minimum recommended cost, used by default
       */
      public static final int DEFAULT_COST = 16;
    
      private static final String ALGORITHM = "PBKDF2WithHmacSHA1";
    
      private static final int SIZE = 128;
    
      private static final Pattern layout = Pattern.compile("\\$31\\$(\\d\\d?)\\$(.{43})");
    
      private final SecureRandom random;
    
      private final int cost;
    
      public PasswordAuthentication()
      {
        this(DEFAULT_COST);
      }
    
      /**
       * Create a password manager with a specified cost
       * 
       * @param cost the exponential computational cost of hashing a password, 0 to 30
       */
      public PasswordAuthentication(int cost)
      {
        iterations(cost); /* Validate cost */
        this.cost = cost;
        this.random = new SecureRandom();
      }
    
      private static int iterations(int cost)
      {
        if ((cost < 0) || (cost > 30))
          throw new IllegalArgumentException("cost: " + cost);
        return 1 << cost;
      }
    
      /**
       * Hash a password for storage.
       * 
       * @return a secure authentication token to be stored for later authentication 
       */
      public String hash(char[] password)
      {
        byte[] salt = new byte[SIZE / 8];
        random.nextBytes(salt);
        byte[] dk = pbkdf2(password, salt, 1 << cost);
        byte[] hash = new byte[salt.length + dk.length];
        System.arraycopy(salt, 0, hash, 0, salt.length);
        System.arraycopy(dk, 0, hash, salt.length, dk.length);
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return ID + cost + '$' + enc.encodeToString(hash);
      }
    
      /**
       * Authenticate with a password and a stored password token.
       * 
       * @return true if the password and token match
       */
      public boolean authenticate(char[] password, String token)
      {
        Matcher m = layout.matcher(token);
        if (!m.matches())
          throw new IllegalArgumentException("Invalid token format");
        int iterations = iterations(Integer.parseInt(m.group(1)));
        byte[] hash = Base64.getUrlDecoder().decode(m.group(2));
        byte[] salt = Arrays.copyOfRange(hash, 0, SIZE / 8);
        byte[] check = pbkdf2(password, salt, iterations);
        int zero = 0;
        for (int idx = 0; idx < check.length; ++idx)
          zero |= hash[salt.length + idx] ^ check[idx];
        return zero == 0;
      }
    
      private static byte[] pbkdf2(char[] password, byte[] salt, int iterations)
      {
        KeySpec spec = new PBEKeySpec(password, salt, iterations, SIZE);
        try {
          SecretKeyFactory f = SecretKeyFactory.getInstance(ALGORITHM);
          return f.generateSecret(spec).getEncoded();
        }
        catch (NoSuchAlgorithmException ex) {
          throw new IllegalStateException("Missing algorithm: " + ALGORITHM, ex);
        }
        catch (InvalidKeySpecException ex) {
          throw new IllegalStateException("Invalid SecretKeyFactory", ex);
        }
      }
    
      /**
       * Hash a password in an immutable {@code String}. 
       * 
       * <p>Passwords should be stored in a {@code char[]} so that it can be filled 
       * with zeros after use instead of lingering on the heap and elsewhere.
       * 
       * @deprecated Use {@link #hash(char[])} instead
       */
      @Deprecated
      public String hash(String password)
      {
        return hash(password.toCharArray());
      }
    
      /**
       * Authenticate with a password in an immutable {@code String} and a stored 
       * password token. 
       * 
       * @deprecated Use {@link #authenticate(char[],String)} instead.
       * @see #hash(String)
       */
      @Deprecated
      public boolean authenticate(String password, String token)
      {
        return authenticate(password.toCharArray(), token);
      }
    
    }
    
  • 6

    这是一个 complete implementation ,有两种方法正是你想要的:

    String getSaltedHash(String password)
    boolean checkPassword(String password, String stored)
    

    关键是即使攻击者可以访问您的数据库和源代码,密码仍然是安全的 .

    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.PBEKeySpec;
    import java.security.SecureRandom;
    import org.apache.commons.codec.binary.Base64;
    
    public class Password {
        // The higher the number of iterations the more 
        // expensive computing the hash is for us and
        // also for an attacker.
        private static final int iterations = 20*1000;
        private static final int saltLen = 32;
        private static final int desiredKeyLen = 256;
    
        /** Computes a salted PBKDF2 hash of given plaintext password
            suitable for storing in a database. 
            Empty passwords are not supported. */
        public static String getSaltedHash(String password) throws Exception {
            byte[] salt = SecureRandom.getInstance("SHA1PRNG").generateSeed(saltLen);
            // store the salt with the password
            return Base64.encodeBase64String(salt) + "$" + hash(password, salt);
        }
    
        /** Checks whether given plaintext password corresponds 
            to a stored salted hash of the password. */
        public static boolean check(String password, String stored) throws Exception{
            String[] saltAndHash = stored.split("\\$");
            if (saltAndHash.length != 2) {
                throw new IllegalStateException(
                    "The stored password must have the form 'salt$hash'");
            }
            String hashOfInput = hash(password, Base64.decodeBase64(saltAndHash[0]));
            return hashOfInput.equals(saltAndHash[1]);
        }
    
        // using PBKDF2 from Sun, an alternative is https://github.com/wg/scrypt
        // cf. http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html
        private static String hash(String password, byte[] salt) throws Exception {
            if (password == null || password.length() == 0)
                throw new IllegalArgumentException("Empty passwords are not supported.");
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
            SecretKey key = f.generateSecret(new PBEKeySpec(
                password.toCharArray(), salt, iterations, desiredKeyLen));
            return Base64.encodeBase64String(key.getEncoded());
        }
    }
    

    我们正在存储 'salt$iterated_hash(password, salt)' . 盐是32个随机字节,其目的是如果两个不同的人选择相同的密码,存储的密码仍然会有所不同 .

    iterated_hash ,基本上是 hash(hash(hash(... hash(password, salt) ...))) ,对于有权访问您的数据库的潜在攻击者猜测密码,散列它们以及查找数据库中的哈希值非常昂贵 . 每次用户登录时都必须计算这个 iterated_hash ,但与花费近100%的时间计算哈希的攻击者相比,它不会花费太多 .

  • 1

    BCrypt是一个非常好的图书馆,它有一个Java port .

  • 27

    您可以使用MessageDigest计算哈希值,但这在安全性方面是错误的 . 哈希不能用于存储密码,因为它们很容易破碎 .

    您应该使用其他算法,如bcrypt,PBKDF2和scrypt来存储密码 . See here .

  • 7

    您可以使用OWASP库描述的Shiro库(以前为JSecurityimplementation .

    它看起来像JASYPT库有similar utility .

  • 3

    除了其他答案中提到的bcrypt和PBKDF2,我建议看scrypt

    不建议使用MD5和SHA-1,因为它们相对较快,因此使用“每小时租金”分布式计算(例如EC2)或现代高端GPU可以使用强力/字典攻击以相对低的成本和合理的方式“破解”密码时间 .

    如果必须使用它们,那么至少要对算法进行预定义的重复次数(1000) .

  • 3

    完全同意埃里克森的观点,即 PBKDF2 就是答案 .

    如果您没有该选项,或者只需要使用哈希,那么Apache Commons DigestUtils比正确获取JCE代码要容易得多:https://commons.apache.org/proper/commons-codec/apidocs/org/apache/commons/codec/digest/DigestUtils.html

    如果您使用哈希,请使用sha256或sha512 . 此页面提供了有关密码处理和散列的良好建议(请注意,它不建议使用散列处理密码):http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html

  • 134

    这里有两个MD5散列和其他散列方法的链接:

    Javadoc API:http://java.sun.com/j2se/1.4.2/docs/api/java/security/MessageDigest.html

    教程:http://www.twmacinta.com/myjava/fast_md5.php

  • 86

    在所有标准哈希方案中,LDAP ssha是最安全的哈希方案,

    http://www.openldap.org/faq/data/cache/347.html

    我只会遵循那里指定的算法并使用MessageDigest来执行哈希 .

    您需要按照建议将salt存储在数据库中 .

相关问题