堆栈内存溢出
  繁体   English   中英

java android 中的 PBKDF2 密码不匹配

[英]PBKDF2 password mismatch in java android

 原文  2021-03-31 17:46:16       java/ android/ pbkdf2

问题描述

我正在运行首次设置,其中用户创建密码并将其存储在 sharedpreferences 中(我理解这的含义)唯一的问题是当我运行用户在登录页面上输入的密码时,它总是会出现到不同的密码,因此不会验证。

AFAIK 我正在根据这篇文章正确地对密码进行哈希处理,并且我愿意接受建议,但这让我发疯,因为我已经在我可以调试的每个地方都调试了应用程序,我只是看不到错误

首次设置代码

package com.example.myapplication;
import androidx.annotation.RequiresApi;
import androidx.appcompat.app.AppCompatActivity;
import android.content.Intent;
import android.content.SharedPreferences;
import android.database.sqlite.SQLiteDatabase;
import android.os.Build;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Log;
import android.view.View;
import android.widget.CheckBox;
import android.widget.EditText;
import android.widget.TextView;
import android.widget.Toast;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class FirstTimeActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        //reset login
        SharedPreferences pref = getApplicationContext().getSharedPreferences("DocStorage Preferences", MODE_PRIVATE);
        SharedPreferences.Editor editor = pref.edit();
        editor.remove("isFirstTime");
        editor.remove("PasswordHash");
        editor.commit();

        //message view box
    }

    @RequiresApi(api = Build.VERSION_CODES.KITKAT)
    public void attemptFirstTimeSetup(View v) throws InvalidKeySpecException, NoSuchAlgorithmException {
        if (((CheckBox)findViewById(R.id.riskCheckBox)).isChecked()){

            if (TextUtils.isEmpty(((EditText)findViewById(R.id.SetPassword)).getText().toString()))
            {
                ((EditText)findViewById(R.id.SetPassword)).setError("Can't be blank!");
            }
            else {
                String passwordtopass = ((EditText)findViewById(R.id.SetPassword)).getText().toString();
                String hashedpassword = PBKDF2_Encrypt(passwordtopass);
                SharedPreferences pref = getApplicationContext().getSharedPreferences("DocStorage Preferences", MODE_PRIVATE);
                SharedPreferences.Editor editor = pref.edit();
                editor.putString("isFirstTime","No");
                editor.putString("PasswordHash",hashedpassword);
                editor.commit();

                Intent backToMain = new Intent(this, LoginActivity.class);
                startActivity(backToMain);
            }
        }
        else {
            Toast.makeText(this, "Please check read and check the checkbox before continuing!", Toast.LENGTH_SHORT).show();
        }
    }
   
    @RequiresApi(api = Build.VERSION_CODES.KITKAT)
    public String PBKDF2_Encrypt(String password) throws NoSuchAlgorithmException, InvalidKeySpecException {
        //salting
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[16];
        random.nextBytes(salt);

        //
        KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 128);
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] hash = factory.generateSecret(spec).getEncoded();
        String finalString = new String(hash, StandardCharsets.UTF_8);
        return finalString;
    }
}

登录活动代码

package com.example.myapplication;
import androidx.annotation.RequiresApi;
import androidx.appcompat.app.AppCompatActivity;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Build;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Log;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;
import android.widget.Toast;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_login);
        setTitle("Login page");

        SharedPreferences pref = getApplicationContext().getSharedPreferences("DocStorage Preferences", MODE_PRIVATE);
        String firstTimeCheck = pref.getString("isFirstTime", "Yes");

        if (firstTimeCheck.equals("Yes")) {
            Intent firstTimeActivityIntent = new Intent(this, FirstTimeActivity.class);
            startActivity(firstTimeActivityIntent);
        } else {}
    }

    @RequiresApi(api = Build.VERSION_CODES.KITKAT)
    public void AttemptLogin(View v) throws InvalidKeySpecException, NoSuchAlgorithmException {
        SharedPreferences pref = getApplicationContext().getSharedPreferences("DocStorage Preferences", MODE_PRIVATE);
        String SavedPasswordHash = pref.getString("PasswordHash", "nothing here yet!");

        String passwordtopass2 = ((EditText)findViewById(R.id.passwordtext)).getText().toString();
        String loginPassword = PBKDF2_Encrypt(passwordtopass2);

        if (TextUtils.isEmpty(((EditText) findViewById(R.id.passwordtext)).getText().toString())) {
            ((EditText) findViewById(R.id.passwordtext)).setError("Can't be blank!");
        }
        else {
            if (loginPassword.equals(SavedPasswordHash)) {
                Toast.makeText(this, "Password is correct!", Toast.LENGTH_SHORT).show();

                Intent forwardToMain = new Intent(this, MainActivity.class);
                startActivity(forwardToMain);
            } else {
                Toast.makeText(this, "Password is incorrect!", Toast.LENGTH_SHORT).show();
            }
        }
    }

    @RequiresApi(api = Build.VERSION_CODES.KITKAT)
    public String PBKDF2_Encrypt(String password) throws NoSuchAlgorithmException, InvalidKeySpecException {
        //salting
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[16];
        random.nextBytes(salt);

        //
        KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 128);
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] hash = factory.generateSecret(spec).getEncoded();
        String finalString = new String(hash, StandardCharsets.UTF_8);
        return finalString;
    }
}

1 个解决方案

解决方案1
 0 已采纳  2021-04-03 04:49:47

对于我的具体部分。 每次运行 random.nextBytes() 代码时都会运行随机化 output 的代码,这意味着它们在输入验证中永远不会匹配。 删除它工作。

random.nextBytes(salt);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Java中的PBKDF2进行密码验证 PBKDF2和Java中的HMAC PBKDF2与Java中的bouncycastle 我应该在Java中使用jBcrypt或PBKDF2进行密码加密吗? 在Java和PHP中使用PBKDF2 pbkdf2盐渍哈希密码验证 是否可以恢复 PBKDF2 哈希密码? Java/Node PBKDF2 hash 的用户密码使用盐和迭代计数 - 节点等效 使用PBKDF2 java解密和加密 PBKDF2,来自C#的Java实现
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM