Java PBEWithMD5AndDES

发布于 2024-08-01 12:53:45 字数 140 浏览 7 评论 0原文

我正在使用基于密码的加密。 我最初的想法是使用 AES 来加密包含密码的文件。 结果基于密码的加密不支持 AES。 它使用 DES。 AFAIK des 并不安全。 PBEWithMD5AndDES 是否足够安全,足以推送我的数据,还是我应该寻找其他实现?

I am using password based encryption. My initial thought was to use AES to encrypt the file which contains passwords. Turns out password based encryption does not support AES. It uses DES. AFAIK des is not secure. Is PBEWithMD5AndDES secure enough to thrust my data or should i look for another implementation?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

無心 2024-08-08 12:53:45

您不应以 salted 以外的任何形式保存密码 哈希摘要

然后,您应该使用操作系统权限系统,使散列密码文件只能由验证密码的用户读取。

You should not be keeping the passwords in any form other than salted hash digests.

You should then use the operating system permission system to make it such that the hashed password file is only readable by the user which validates passwords.

月隐月明月朦胧 2024-08-08 12:53:45

如果您有可用的 Java 6,那么您需要的一切都可用。 查看此问题并查看代码示例的已接受答案。 由于您想要加密文件,因此应将生成的 iv 添加到您正在写入密文的文件之前,以便在解密期间可用。

If you have Java 6 available, everything you need is available. Check out this question and look at the accepted answer for a code sample. Since you want to encrypt files, the iv that is generated should be prepended to the file you are writing the ciphertext to, so that it is available during the decryption.

长伴 2024-08-08 12:53:45

从您的评论看来,您想要做的是使用基于密码的加密方案以及用户在解密时提供的密码来加密包含敏感信息的文件。 在这种情况下,敏感信息也恰好是密码,但这并不真正相关。 (您可能应该更新问题以使其更清楚)。

您正在做正确的事情,您的问题只是 SunJCE Java 加密提供程序不支持 AES 进行基于密码的加密。 您需要使用一个替代提供程序:例如,您可以使用 Bouncy Castle 提供程序算法“PBEWITHSHA256AND128BITAES-CBC-BC”。 (尽管名字很奇怪,但 Bouncy Castle 却很受人尊敬)。

至于“DES 对于我的数据是否足够安全”,如果您所保护的数据对于攻击者来说价值不到大约 10,000 美元,那么早在 2009 年,它可能就足够安全了。 在 2014 年,如果您的数据值得加密,答案是否定的。

It appears from your comments that what you would like to do is to encrypt a file which contains sensitive information, using a password-based encryption scheme, with a password provided by the user at decrypt-time. The sensitive information in this case also happens to be passwords, but that isn't really relevant. (You should probably update the question to make this more clear).

You are doing the right thing, your problem is just that the SunJCE Java cryptography provider doesn't support AES for password-based encryption. You need to use an alternative provider which does: for example, you could use the Bouncy Castle provider with the algorithm "PBEWITHSHA256AND128BITAES-CBC-BC". (Despite the whimsical name, Bouncy Castle is well-respected).

As for "is DES secure enough for my data", well if the data you're protecting would be worth less than roughly $10,000 to an attacker, then back in 2009 it was probably just secure enough. And in 2014, if your data is worth encrypting at all, the answer is no.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文