Java:简单的文本文件加密?
[英]Java: simple text file encryption?
问题描述
I have the following three lines in my little game which store the id and pass of a new user: 
我的小游戏中有以下三行内容,用于存储新用户的ID和密码:
Properties prop = new Properties();
prop.setProperty(id, pass);
prop.store(new FileOutputStream(new File("path/to/project/src/properties.data")), "");
Unfortunately I've noticed that only by changing the properties file extension to txt all the users and passwords become visible and readable by anybody, which is a thing I don't really like. 不幸的是,我注意到只有通过将属性文件扩展名更改为txt,所有用户和密码才能被任何人看到和读取,这是我真正不喜欢的事情。 Please let me know of a good easy method to encrypt the file in some way. 请让我知道一种以某种方式加密文件的简便方法。
The thing is I already searched about this but the answers don't really fit my needs, I don't expect my game files getting attacked by the biggest hackers so using AES or any other big popular libraries would be too much I'd say. 事情是我已经搜索过这个问题,但是答案并不能真正满足我的需要,我不希望我的游戏文件受到最大的黑客的攻击,因此使用AES或任何其他流行的大型库对我来说都是太多。 What do you think? 你怎么看?
3 个解决方案
解决方案1
3 2016-08-01 01:01:54
First, everybody can read your password file, no matter if the extension is .txt or .data or whatever else. 首先,无论扩展名是.txt还是.data或其他任何名称,每个人都可以读取您的密码文件。 The extension is just a Windows trick to decide with which program to open the file, but it does nothing to the contents. 扩展名只是Windows的一个技巧,它决定使用哪个程序打开文件,但对内容不执行任何操作。
If you want to encrypt the password file, you'll need a key and / or a password for that, and then you need to figure out where and how to store that. 如果要加密密码文件,则需要一个密钥和/或密码,然后需要弄清楚在何处以及如何存储。 You just postpone the problem. 您只是推迟了问题。
If the file holds names and passwords of the players in your game, go with @Boris the Spider's advice: instead of saving (encrypted) passwords, just save the password's hash. 如果文件中包含游戏中玩家的名称和密码,请遵循@Boris the Spider的建议:不用保存(加密)密码,只需保存密码的哈希即可。 When someone logs in, calculate the hash of the entered password and compare that to the hash you have saved. 有人登录时,计算输入密码的哈希值并将其与您保存的哈希值进行比较。 If they are equal, the user entered the correct password. 如果它们相等,则用户输入正确的密码。 See this question and the accepted answer for a possible way to do this. 请参阅此问题和可接受的答案 ,以获取可能的方法。
解决方案2
1 2016-08-01 16:11:44
Here's an excellent article on storing passwords securely. 这是一篇关于安全存储密码的出色文章。 The examples are in C#, not Java, but it's still a helpful discussion: https://blog.mking.io/password-security-best-practices-with-examples-in-csharp/ 这些示例使用C#而不是Java编写,但仍是有益的讨论: https : //blog.mking.io/password-security-best-practices-with-examples-in-csharp/
I also strongly recommend the book "24 Deadly Sins of Software Security" by Michael Howard and David LeBlanc as a more general overview of common security bugs and how to avoid them. 我还强烈推荐迈克尔·霍华德(Michael Howard)和戴维·勒布朗(David LeBlanc)撰写的“软件安全的24个致命罪”一书,对常见的安全错误以及如何避免它们进行了更全面的概述。
解决方案3
0 2016-10-26 05:25:51
我遇到了类似的问题,我采取了在文件中写入AES加密字符串的方式(在我的情况下,要求用户从管理员那里获取加密密钥以放入属性文件中,因此我也提供了一种向其加密密码的方法),然后在我正在阅读的方法中将其解密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.