问题描述
我想在这里使用一个哈希函数:
使用这个函数,我可以在将密码保存到数据库之前对密码进行哈希处理。
但
在我的应用程序中,我使用密码登录到不同的服务器(如邮件服务器),但在javacode内部,我需要密码而不是散列,而是作为纯文本密码。现在我想知道如何再次提取纯文本密码(散列+ salt存储在数据库中,并且散列函数/迭代计数已知)以使用它登录到我的不同服务器。
有谁知道如何做到这一点? (最好以我可以使用链接的OWASP代码来散列我的密码的方式)
编辑:加密看起来像是去这里,但这是一个可接受的解决方案(因为加密不是那么安全)?我会选择高迭代次数和salt。
I have an issue with password hashing.
I would like to use a hashing function just like this one here:
With this function I can hash passwords before I save them into my database.
BUT
In my application I use the password then to log in to different servers (like a mail-server) but inside the javacode I need the password not hashed but rather as a plain text password.
So now I'm wondering how I can extract the plain text password again (hash + salt is stored in the DB and hash-function/ iteration count is known) to use it to log in to my different servers.
Does anyone know how to do that? (preferably in a way that I can uses the linked OWASP Code to hash my passwords)
EDIT : It seems like encryption would be the way to go here, but is this an acceptable solution (as encryption is not that safe)? I would go with a high iteration count and salt anyway.
The entire purpose of a hash is to be irreversible. If you could get the plain-text password back it would defeat the purpose of the hash, and would also be a security vulnerability.
这篇关于Java中的散列 - >从哈希和密码获取密码盐的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!