问题描述
如何转换使用此方法获得的char []密码:
char [] password = passwordInputField。获取密码();
到MD5哈希?通常我会使用下面的方法,但getBytes只与字符串兼容:
MessageDigest md = MessageDigest.getInstance(MD5 );
md.update(password.getBytes());
String hashedPass = new BigInteger(1,md.digest())。toString(16);
注意:散列算法不应该用于密码存储,因为散列很容易被破解。不过,我会用它来简单。
quick / easy / UNSECURE修复程序将把char数组转换为字符串。但是,这是不安全的,因为字符串是不可变的,不能从内存中清除。
字符串密码= new String(passwordInputField。获取密码());
MessageDigest md = MessageDigest.getInstance(MD5);
md.update(password.getBytes());
String hashedPass = new BigInteger(1,md.digest())。toString(16);
更安全的解决方案:将char []转换为byte []并清除内存中的数组
private byte [] toBytes(char [] chars){
CharBuffer charBuffer = CharBuffer.wrap(chars );
ByteBuffer byteBuffer = Charset.forName(UTF-8)。encode(charBuffer);
byte [] bytes = Arrays.copyOfRange(byteBuffer.array(),
byteBuffer.position(),byteBuffer.limit());
Arrays.fill(charBuffer.array(),'\\\ '); //清除敏感数据
Arrays.fill(byteBuffer.array(),(byte)0); //清除敏感数据
返回字节;
}
char [] passChars = passwordInputField.getPassword();
byte [] passBytes = toBytes(passChars);
MessageDigest md = MessageDigest.getInstance(MD5);
md.update(passBytes);
String hashedPass = new BigInteger(1,md.digest())。toString(16);
Arrays.fill(passChars,'\\\ '); //清除敏感数据
Arrays.fill(passBytes,(byte)0); //清除敏感数据
编辑: $ b
使用更安全的解决方案更新了答案(对于这个想法信任user2656928)。
credit to andreyne
How would one go about converting a char[] password obtained using this method:
char[] password = passwordInputField.getPassword();
To an MD5 Hash? Normally I would use the method below, but getBytes is only compatible with Strings:
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(password.getBytes());
String hashedPass = new BigInteger(1, md.digest()).toString(16);
NOTE: The MD5 Hashing Algorithm should never be used for password storage, as it's hashes are easily cracked. However, I will use it for simplicity.
The quick/easy/UNSECURE fix would be to convert the char array to a string. However, this is unsecure because strings are immutable and can't be cleared from memory.
String password = new String(passwordInputField.getPassword());
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(password.getBytes());
String hashedPass = new BigInteger(1, md.digest()).toString(16);
A more secure solution: convert the char[] to a byte[] and clear the arrays from memory afterward.
private byte[] toBytes(char[] chars) {
CharBuffer charBuffer = CharBuffer.wrap(chars);
ByteBuffer byteBuffer = Charset.forName("UTF-8").encode(charBuffer);
byte[] bytes = Arrays.copyOfRange(byteBuffer.array(),
byteBuffer.position(), byteBuffer.limit());
Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data
Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
return bytes;
}
char[] passChars = passwordInputField.getPassword();
byte[] passBytes = toBytes(passChars);
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(passBytes);
String hashedPass = new BigInteger(1, md.digest()).toString(16);
Arrays.fill(passChars, '\u0000'); // clear sensitive data
Arrays.fill(passBytes, (byte) 0); // clear sensitive data
EDIT:
Updated answer with a more secure solution (credit to user2656928 for the idea).
char[] to byte[] method credit to andreyne
这篇关于使用char []生成MD5哈希的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!