Java加盐加密

1.场景还原

    很多同学认为登录密码经过MD5加密后就万事无忧,遗憾的告诉你,这并非万全之策;虽然这个世界上没有绝对的安全,但是我们能不能动动脑筋将密码加密的更安全呢?那么今天请跟随笔者的脚步,笔者将带你玩转加盐加密。

2.实现方案

①静态加盐法

1>在静态常量类中自定义静态盐salt

public static final  String SALT_STRING = "be5e0323a9195ade5f56695ed9f2eb6b036f3e6417115d0cbe2fb9d74d8740406838dc84f152014b39a2414fb3530a40bc028a9e87642bd03cf5c36a1f70801e";
这个盐长度长点相对更安全;

2>加密类

public class PasswordEncoder {
    private final static String[] hexDigits = { "0", "1", "2", "3", "4", "5",
            "6", "7", "8", "9", "a", "b", "c", "d", "e", "f" };

    private Object salt;
    private String algorithm;

    public PasswordEncoder(Object salt, String algorithm) {
        this.salt = salt;
        this.algorithm = algorithm;
    }

    public String encode(String rawPass) {
        String result = null;
        try {
            MessageDigest md = MessageDigest.getInstance(algorithm);
            //加密后的字符串
            result = byteArrayToHexString(md.digest(mergePasswordAndSalt(rawPass).getBytes("utf-8")));
        } catch (Exception ex) {
        }
        return result;
    }

    public boolean isPasswordValid(String encPass, String rawPass) {
        String pass1 = "" + encPass;
        String pass2 = encode(rawPass);

        return pass1.equals(pass2);
    }

    private String mergePasswordAndSalt(String password) {
        if (password == null) {
            password = "";
        }

        if ((salt == null) || "".equals(salt)) {
            return password;
        } else {
            return password + "{" + salt.toString() + "}";
        }
    }

    /**
     * 转换字节数组为16进制字串
     * @param b 字节数组
     * @return 16进制字串
     */
    private static String byteArrayToHexString(byte[] b) {
        StringBuffer resultSb = new StringBuffer();
        for (int i = 0; i < b.length; i++) {
            resultSb.append(byteToHexString(b[i]));
        }
        return resultSb.toString();
    }

    private static String byteToHexString(byte b) {
        int n = b;
        if (n < 0)
            n = 256 + n;
        int d1 = n / 16;
        int d2 = n % 16;
        return hexDigits[d1] + hexDigits[d2];
    }


    public static void main(String[] args) {
        String salt = "be5e0323a9195ade5f56695ed9f2eb6b036f3e6417115d0cbe2fb9d74d8740406838dc84f152014b39a2414fb3530a40bc028a9e87642bd03cf5c36a1f70801e";
        PasswordEncoder encoderMd5 = new PasswordEncoder(salt, "MD5");
        String encode = encoderMd5.encode("zxp52077");
        System.out.println(encode);
        boolean passwordValid = encoderMd5.isPasswordValid("c21feb87d79fd42e4336e4c231785ff9", "test");
        System.out.println(passwordValid);

        PasswordEncoder encoderSha = new PasswordEncoder(salt, "SHA");
        String pass2 = encoderSha.encode("test");
        System.out.println(pass2);
        boolean passwordValid2 = encoderSha.isPasswordValid("409cf43cbdc92e1979018b2e2fdc60c7f07673e9", "test");
        System.out.println(passwordValid2);

    }

}
 在用户注册的时候就生成加盐加密后的密文插入数据库中;

3>登录,将前端密码同样加盐加密与数据库进行比对

Java加盐加密_第1张图片

如果登录密码加密后等于数据库的密文密码,那就登录成功,反之失败!

②动态加盐法

1>对用户名进行哈希加盐

String salt = PwdEnCoder.encode(Long.parseLong(loginName));
String hashSalt = PwdEnCoder.getMD5(salt);
这里的用户名限于long类型,例如手机号码,这里的用户名限制手机号码就是唯一的,那么用户的用户名哈希盐也是唯一的;

2>通过用户名哈希盐和前端传输的密码生成密码密文

String ecPassWord = new SimpleHash("SHA-1", password, hashSalt).toString();

这个SimpleHash()方法是shrio框架囊括的一个类,所以工程还得导入shrio依赖


  org.apache.shiro
  shiro-core
  1.2.3

得到加盐加密后的密码,然后就与数据库密文进行比对


3>加盐加密算法

public class PwdEnCoder {
    public static void main(String[] args) {
   System.out.println("密文:" + encode(201314520));
   System.out.println("原文:" + decode(encode(201314520)));
    }

    /**
     * 密文加密和解析字典,必须private,可以根据需要打乱这些字符的顺序,打乱后,可以得到不同的密码,最好按需打乱
     */
    private static final char[] array = { 'q', 'w', 'e', 'r', 't', 'y', 'u', 'i', 'o', 'p', 'a', 's', 'd', 'f', 'g',
       'h', 'j', 'k', 'l', 'z', 'x', 'c', 'v', 'b', 'n', 'm', '8', '5', '2', '7', '3', '6', '4', '0', '9', '1',
       'Q', 'W', 'E', 'R', 'T', 'Y', 'U', 'I', 'O', 'P', 'A', 'S', 'D', 'F', 'G', 'H', 'J', 'K', 'L', 'Z', 'X',
       'C', 'V', 'B', 'N', 'M', '+', '-' };

    /**
     * @param number
     *            long类型的10进制数,该数必须大于0
     * @return string类型的密文
     */
    public static String encode(long number) {
   Long rest = number;
   // 创建栈
   Stack stack = new Stack();
   StringBuilder result = new StringBuilder(0);
   while (rest >= 1) {
       // 进栈,
       // 也可以使用(rest - (rest / 64) * 64)作为求余算法
       stack.add(array[new Long(rest % 64).intValue()]);
       rest = rest / 64;
   }
   for (; !stack.isEmpty();) {
       // 出栈
       result.append(stack.pop());
   }
   return result.toString();

    }

    /**
     * 支持范围是A-Z,a-z,0-9,+,-
     *
     * @param str
     * @return
     */
    public static long decode(String str) {
   // 倍数
   int multiple = 1;
   long result = 0;
   Character c;
   for (int i = 0; i < str.length(); i++) {
       c = str.charAt(str.length() - i - 1);
       result += decodeChar(c) * multiple;
       multiple = multiple * 64;
   }
   return result;
    }

    private static int decodeChar(Character c) {
   for (int i = 0; i < array.length; i++) {
       if (c == array[i]) {
      return i;
       }
   }
   return -1;
    }

    /**
     * 哈希盐
     *
     * @param str
     * @return
     */
    public static String getMD5(String str) {
   try {
       MessageDigest md = MessageDigest.getInstance("MD5");
       md.update(str.getBytes());
       byte b[] = md.digest();
       int i;
       StringBuffer buf = new StringBuffer("");
       for (int offset = 0; offset < b.length; offset++) {
      i = b[offset];
      if (i < 0) {
          i += 256;
      }
      if (i < 16) {
          buf.append("0");
      }
      buf.append(Integer.toHexString(i));
       }
       str = buf.toString();
   } catch (Exception e) {
       e.printStackTrace();
   }
   return str;
    }
}
好了,两种加盐加密的方式笔者都倾囊相授了;今天加盐加密就告一段落;

我是张星,欢迎加入博主技术交流群,群号:313145288



你可能感兴趣的:(java)