使用 SHA-256 进行密码匹配验证
Password match verification with SHA-256
我想做的是在登录和注册页面生成相同的散列密码。登录页面哈希必须与数据库中的寄存器哈希相匹配。我正在使用 java 和以下代码。
注册页面:
// Encrypt password
try {
MessageDigest msgDigest = MessageDigest.getInstance("SHA-256");
msgDigest.reset();
byte[] passByte = pass.getBytes("UTF-8");
pass = msgDigest.digest(passByte).toString();
System.out.println(pass);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(NewCustomer.class.getName()).log(Level.SEVERE, null, ex);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(NewCustomer.class.getName()).log(Level.SEVERE, null, ex);
}
登录页面:
// Encrypt password
try {
MessageDigest msgDigest = MessageDigest.getInstance("SHA-256");
msgDigest.reset();
byte[] passByte = ipwd.getBytes("UTF-8");
ipwd = msgDigest.digest(passByte).toString();
System.out.println(ipwd);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(NewCustomer.class.getName()).log(Level.SEVERE, null, ex);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(NewCustomer.class.getName()).log(Level.SEVERE, null, ex);
}
所以我想出了一种方法来实现这一点,但它并不像它应该的那样安全。我有另一个文件设置密码来调用方法。
下面的代码是我想出来的。
public void encryptPass(String pwd) {
MessageDigest md;
try {
md = MessageDigest.getInstance("MD5");
byte[] passBytes = pwd.getBytes();
md.reset();
byte[] digested = md.digest(passBytes);
StringBuffer sb = new StringBuffer();
for (int i = 0; i < digested.length; i++) {
sb.append(Integer.toHexString(0xff & digested[i]));
}
encryptedPasscode = sb.toString();
} catch (NoSuchAlgorithmException e) {
Logger.getLogger(CryptWithMD5.class.getName()).log(Level.SEVERE, null, e);
System.out.println("Error Code: 1002" + e); // Error code for No Algorithm Exception
}
}
我想做的是在登录和注册页面生成相同的散列密码。登录页面哈希必须与数据库中的寄存器哈希相匹配。我正在使用 java 和以下代码。
注册页面:
// Encrypt password
try {
MessageDigest msgDigest = MessageDigest.getInstance("SHA-256");
msgDigest.reset();
byte[] passByte = pass.getBytes("UTF-8");
pass = msgDigest.digest(passByte).toString();
System.out.println(pass);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(NewCustomer.class.getName()).log(Level.SEVERE, null, ex);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(NewCustomer.class.getName()).log(Level.SEVERE, null, ex);
}
登录页面:
// Encrypt password
try {
MessageDigest msgDigest = MessageDigest.getInstance("SHA-256");
msgDigest.reset();
byte[] passByte = ipwd.getBytes("UTF-8");
ipwd = msgDigest.digest(passByte).toString();
System.out.println(ipwd);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(NewCustomer.class.getName()).log(Level.SEVERE, null, ex);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(NewCustomer.class.getName()).log(Level.SEVERE, null, ex);
}
所以我想出了一种方法来实现这一点,但它并不像它应该的那样安全。我有另一个文件设置密码来调用方法。
下面的代码是我想出来的。
public void encryptPass(String pwd) {
MessageDigest md;
try {
md = MessageDigest.getInstance("MD5");
byte[] passBytes = pwd.getBytes();
md.reset();
byte[] digested = md.digest(passBytes);
StringBuffer sb = new StringBuffer();
for (int i = 0; i < digested.length; i++) {
sb.append(Integer.toHexString(0xff & digested[i]));
}
encryptedPasscode = sb.toString();
} catch (NoSuchAlgorithmException e) {
Logger.getLogger(CryptWithMD5.class.getName()).log(Level.SEVERE, null, e);
System.out.println("Error Code: 1002" + e); // Error code for No Algorithm Exception
}
}