Shulou(Shulou.com)06/02 Report--

This article mainly explains "how to encrypt Java through BCrypt". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to encrypt Java through BCrypt.

I. Overview

In the user module, the protection of user passwords is usually encrypted. We usually encrypt the password and then store it in the database. When the user logs in, the password entered is encrypted and compared with the ciphertext stored in the database to verify whether the user's password is correct.

At present, MD5 and BCrypt are more popular. Relatively speaking, BCrypt is more secure than MD5, but the encryption is slower.

Second, use BCrypt

First of all, you can get the source code from the official website

It is then compiled through Ant. After compilation, you get jbcrypt.jar. You can also use the java file in the source code (itself is only a file) without compiling. Here is a Demo on the official website.

Public class BCryptDemo {public static void main (String [] args) {/ / Hash a password for the first time String password = "testpassword"; String hashed = BCrypt.hashpw (password, BCrypt.gensalt ()); System.out.println (hashed); / / gensalt's log_rounds parameter determines the complexity / / the work factor is 2**log_rounds, and the default is 10 String hashed2 = BCrypt.hashpw (password, BCrypt.gensalt (12)) / / Check that an unencrypted password matches one that has / / previously been hashed String candidate = "testpassword"; / / String candidate = "wrongtestpassword"; if (BCrypt.checkpw (candidate, hashed)) System.out.println ("It matches"); else System.out.println ("It does not match");}}

In this case,

BCrypt.hashpw (password, BCrypt.gensalt ())

It's the core. Password is encrypted by calling the static method hashpw of the BCrypt class. The second parameter is what we usually call adding salt.

BCrypt.checkpw (candidate, hashed)

This method is to compare the passwords later entered by the user. If there is a match, return true.

Third, add salt

If two or more people have the same password, encrypted and saved will get the same result. You can break a password by breaking one. If a user named A can view the database, then he can observe that his password is the same as that of others, so that others use the same password as they do, so that they can log in using someone else's identity.

In fact, as long as a little confusion can be prevented, which is called "adding salt" in encryption terminology. Specifically, other components (usually user-owned and constant factors) are added to the original material (user-defined password) to increase the complexity of the system. When this salt is combined with the user password, and then through the summary processing, you can get a more hidden summary value.

At this point, I believe you have a deeper understanding of "how to encrypt Java through BCrypt". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.