這是爲密碼生成鹽的正確方法嗎?Java SecureRandom as salt
SecureRandom random = new SecureRandom();
byte[] salt = random.generateSeed(64);
String decoded = new String(salt, "Cp1252");
System.out.println(decoded);
我想要生成新的密碼(SHA-512),所以我也需要一個鹽。
哈希密碼將=用戶密碼+鹽......這是正確的?
難道這些奇怪的字符會「破壞」DB(MySQL)嗎? (更新:無,因爲鹽應該是加密/編碼/散列並將結果shoudnt使用奇怪的字符)
幾個輸出:
ã2}wÑ»-ÄKÇæꮃzR4qÉÖÙÚ!ž0ÉW9;*Vß4x»)
àöˆ˜£¿{,J¼…HþTù#+Bv(Fp´G~Aò`^e_ElpíÜžS A!ñÛz‹[email protected]`ý‡)‡ª€
5a£Æ.¥sgöfÈB:4-�y$Óx%Óâyý¾N¨…áq
如果這些鹽也作爲encripted SHA-512? (更新:使用Base64庫Apache的公共編碼編碼,見下文)
更新:
SecureRandom random = new SecureRandom();
byte[] saltArr = new byte[64];
random.nextBytes(saltArr);
String salt = new String(saltArr, "Cp1252");
System.out.println("SALT:"+salt);
byte[] encodedBytes = Base64.encodeBase64(saltArr);
System.out.println("Encoded SALT:" + new String(encodedBytes));
byte[] decodedBytes = Base64.decodeBase64(encodedBytes);
System.out.println("Decoded SALT:" + new String(decodedBytes, "Cp1252"));
//SHA
String target = "Test";
MessageDigest sh = MessageDigest.getInstance("SHA-512");
sh.update(target.getBytes());
StringBuffer sb = new StringBuffer();
for (byte b : sh.digest()) sb.append(Integer.toHexString(0xff & b));
System.out.println("Hashed PWD:"+sb);
//And then joining them together...
看看以下問題http://stackoverflow.com/questions/18142745/how-do-i-generate-a-salt-in-java-for-salted-hash – sasankad 2015-02-23 22:51:16