实际上,你可以使用Java运行时内置的工具来执行此操作。Java 6中的SunJCE支持PBKDF2,这是用于密码哈希的一种很好的算法。
byte[] salt = new byte[16];random.nextBytes(salt);KeySpec spec = new PBEKeySpec("password".toCharArray(), salt, 65536, 128);SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");byte[] hash = f.generateSecret(spec).getEnpred();base64.Enprer enc = base64.getEnprer();System.out.printf("salt: %s%n", enc.enpreToString(salt));System.out.printf("hash: %s%n", enc.enpreToString(hash));这是可用于PBKDF2密码身份验证的实用程序类:
import java.security.NoSuchAlgorithmException;import java.security.SecureRandom;import java.security.spec.InvalidKeySpecException;import java.security.spec.KeySpec;import java.util.Arrays;import java.util.base64;import java.util.regex.Matcher;import java.util.regex.Pattern;import javax.crypto.SecretKeyFactory;import javax.crypto.spec.PBEKeySpec;public final class PasswordAuthentication{ public static final String ID = "$31$"; public static final int DEFAULT_COST = 16; private static final String ALGORITHM = "PBKDF2WithHmacSHA1"; private static final int SIZE = 128; private static final Pattern layout = Pattern.compile("\$31\$(\d\d?)\$(.{43})"); private final SecureRandom random; private final int cost; public PasswordAuthentication() { this(DEFAULT_COST); } public PasswordAuthentication(int cost) { iterations(cost); this.cost = cost; this.random = new SecureRandom(); } private static int iterations(int cost) { if ((cost < 0) || (cost > 30)) throw new IllegalArgumentException("cost: " + cost); return 1 << cost; } public String hash(char[] password) { byte[] salt = new byte[SIZE / 8]; random.nextBytes(salt); byte[] dk = pbkdf2(password, salt, 1 << cost); byte[] hash = new byte[salt.length + dk.length]; System.arraycopy(salt, 0, hash, 0, salt.length); System.arraycopy(dk, 0, hash, salt.length, dk.length); base64.Enprer enc = base64.getUrlEnprer().withoutPadding(); return ID + cost + '$' + enc.enpreToString(hash); } public boolean authenticate(char[] password, String token) { Matcher m = layout.matcher(token); if (!m.matches()) throw new IllegalArgumentException("Invalid token format"); int iterations = iterations(Integer.parseInt(m.group(1))); byte[] hash = base64.getUrlDeprer().depre(m.group(2)); byte[] salt = Arrays.copyOfRange(hash, 0, SIZE / 8); byte[] check = pbkdf2(password, salt, iterations); int zero = 0; for (int idx = 0; idx < check.length; ++idx) zero |= hash[salt.length + idx] ^ check[idx]; return zero == 0; } private static byte[] pbkdf2(char[] password, byte[] salt, int iterations) { KeySpec spec = new PBEKeySpec(password, salt, iterations, SIZE); try { SecretKeyFactory f = SecretKeyFactory.getInstance(ALGORITHM); return f.generateSecret(spec).getEnpred(); } catch (NoSuchAlgorithmException ex) { throw new IllegalStateException("Missing algorithm: " + ALGORITHM, ex); } catch (InvalidKeySpecException ex) { throw new IllegalStateException("Invalid SecretKeyFactory", ex); } } @Deprecated public String hash(String password) { return hash(password.toCharArray()); } @Deprecated public boolean authenticate(String password, String token) { return authenticate(password.toCharArray(), token); }}
