哈希密码并与MD5进行比较
[英]Hashing password and comparing with MD5
问题描述
I have the following requirement. 
我有以下要求。
1. save a user password converted to hash(digested)
2. when comparing with data base, add random bytes with the password given from user
3. now send the random bytes added password to DAO class
4. separate the random byte from password
5. compare with the stored hashed(digested) password
I tried some thing similar but it gives array out of bound exception. 我尝试了类似的东西,但它给出了数组超出绑定的异常。
package poc;
import com.sun.xml.internal.ws.message.ByteArrayAttachment;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
public class HashedPassword {
public static final String CRYPTOGRAPHY_ALGORITHM = "MD5";
public static final String CHAR_SET = "UTF8";
public static void main(String[] arg){
System.out.println(createPassword("r14@17*$"));
}
public static byte[] createPassword(String password){
byte[] salt = new byte[12];
byte[] digestedPassword =null;
byte[] digestedPasswordPwd =null;
try {
SecureRandom random = new SecureRandom();
random.nextBytes(salt);
MessageDigest mdPassword = MessageDigest.getInstance(CRYPTOGRAPHY_ALGORITHM);
MessageDigest mdPasswordPawd = MessageDigest.getInstance(CRYPTOGRAPHY_ALGORITHM);
mdPassword.update(salt);
mdPassword.update(password.getBytes(CHAR_SET));
mdPasswordPawd.update(password.getBytes(CHAR_SET));
digestedPassword = mdPassword.digest();
digestedPasswordPwd = mdPasswordPawd.digest();
byte[] resultBytes= new byte[1000];
System.arraycopy(digestedPassword, 11, resultBytes,0,digestedPassword.length);
if(Arrays.equals(resultBytes, digestedPasswordPwd)){
System.out.println("match");
}else{
System.out.println("no-match");
}
} catch (Exception ex) {
ex.printStackTrace();
}
System.out.println("digestedPassword : "+digestedPassword);
System.out.println("digestedPasswordPwd : "+digestedPasswordPwd);
return digestedPassword;
}
}
Stacktrace : 堆栈跟踪 :
java.lang.ArrayIndexOutOfBoundsException
digestedPassword : [B@9980d5
digestedPasswordPwd : [B@1d95492
[B@9980d5
at java.lang.System.arraycopy(Native Method)
at poc.HashedPassword.createPassword(HashedPassword.java:43)
at poc.HashedPassword.main(HashedPassword.java:23)
so please help me how to go about it 所以请帮助我如何去做
Kind Regards 亲切的问候
2 个解决方案
解决方案1
1 已采纳 2012-10-16 09:13:14
This line is at fault: 这条线有问题:
System.arraycopy(digestedPassword, 11, resultBytes,0,digestedPassword.length);
It tries to copy digestedPassword.length bytes from the digestedPassword , starting from position 11. So it tries to copy 11 bytes that are not there. 它尝试从位置11开始从digestedPassword复制digestedPassword.length字节。因此它尝试复制不存在的11个字节。
Try this one instead: 试试这个:
System.arraycopy(digestedPassword, 11, resultBytes,0,digestedPassword.length-11);
Copy from the API doc for System.arraycopy : 从System.arraycopy的API文档中复制:
Otherwise, if any of the following is true, an IndexOutOfBoundsException is thrown and the destination is not modified:
The srcPos argument is negative.
The destPos argument is negative.
The length argument is negative.
srcPos+length is greater than src.length, the length of the source array.
destPos+length is greater than dest.length, the length of the destination array.
解决方案2
1 2012-10-16 09:32:03
First of all, I think from your code,you are missing the bit related to removing/separate the random bytes from password.so it might be never be equal. 首先,我认为从您的代码中,您遗漏了与从密码中删除/分离随机字节相关的位。因此它可能永远不会相等。
regarding your ArrayIndexOutOfBoundsException i suggest,please use 关于你建议的ArrayIndexOutOfBoundsException,请使用
System.arraycopy(digestedPassword, 0, resultBytes,0,digestedPassword.length);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.