登录时如何将原始密码与数据库中的加密密码条目匹配
[英]How to match original password with encrypted password entry in database on login
问题描述
MessageDigest alg = MessageDigest.getInstance("MD5");
alg.reset();
alg.update(password.getBytes());
byte[] digest = alg.digest();
StringBuffer hashedpasswd = new StringBuffer();
String hx;
for (int i=0;i<digest.length;i++){
hx = Integer.toHexString(0xFF & digest[i]);
//0x03 is equal to 0x3, but we need 0x03 for our md5sum
if(hx.length() == 1){hx = "0" + hx;}
hashedpasswd.append(hx);
}
I followed the above code for password encryption. 
我按照上面的代码进行密码加密。 But when login the password checks with database password and login fails as the db entry is encrypted password. 但是,登录时,密码将与数据库密码一起检查,并且登录失败,因为数据库条目是加密密码。 How will i check the database's encrypted password with original password on login? 登录时如何使用原始密码检查数据库的加密密码?
2 个解决方案
解决方案1
5 2019-11-27 05:49:44
While checking with the database, Hash the password you entered with the same algorithm as the one you used to save it in the Data Base. 在检查数据库时,使用与用于将其保存在数据库中的算法相同的算法来哈希输入的密码。 That's how Hashing works. 这就是哈希的工作方式。 You don't need to "Decrypt" the password from the database, that's not possible. 您不需要从数据库中“解密”密码,这是不可能的。 You would rather want to Hash the password you're entering and check whether both the hash values (ie the one in db and the one you just hashed) are equal. 您宁愿对输入的密码进行哈希处理,并检查两个哈希值(即db中的一个和刚刚哈希的一个)是否相等。 That is the entire concept of hashing. 这就是哈希的整个概念。 You can't "DeHash" something. 您不能“ DeHash”某事。 You can only hash the coming data and compare it with previously hashed value. 您只能散列即将到来的数据,并将其与先前散列的值进行比较。
解决方案2
-1 2019-11-27 05:53:30
加密(user_entered_password)== getPasswordFromDatabase()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.