gpt4 book ai didi

How to implement Scrypt in Java?(如何在Java中实现SCRYPT?)

转载 作者:bug小助手 更新时间:2023-10-24 17:54:22 28 4
gpt4 key购买 nike



I have really been struggling trying to get Bouncy Castle Scrypt going in my web app for password encryption. I am fairly new to programming in Java and security.

我一直在努力尝试在我的网络应用程序中使用Bundy Castle Scret进行密码加密。我对Java和安全编程相当陌生。



I have tried looking at Bouncy Castle's documentation for their Scrypt class. However, I have a really hard time trying to figure out how it works. It doesn't seem to really give much information as to how to create the class or anything like that.

我试着查看了Bouly Castle的Scret类的文档。然而,我真的很难弄清楚它是如何工作的。关于如何创建类或类似的内容,它似乎并没有提供太多信息。



I searched around Stack Exchange and Google to see if there is anywhere that could give me a good example as to what I should do to create this class. I found this question and answer, and I tried it out without creating a class, but that didn't seem to work either.

我在Stack Exchange和Google上搜索了一下,看看有没有什么地方可以给我一个很好的例子,告诉我应该做些什么来创建这个类。我找到了这个问题和答案,并在没有创建类的情况下进行了尝试,但似乎也不起作用。



To top this off, my import doesn't seem to want to work either.

最重要的是,我的进口似乎也不想工作。



This is all of the code that I have:

这是我拥有的所有代码:



import org.bouncycastle.crypto.generators;

public class SCrypt extends java.lang.Object {

public Scrypt(){}

public static byte[] generate(byte[] P,byte[] S,int N,int r,int p,int dkLen) {

}
}


I want to use Scrypt since it seems to be the most secure in encrypting passwords, but it seems next impossible to implement. I'm really close with just going with a PBKDF2 since there is more documentation on it, but I'm hoping that there is someone out there who can help me get this going.

我想使用SCRYPT,因为它似乎是加密密码中最安全的,但它似乎下一步不可能实现。我真的很接近使用PBKDF2,因为有更多关于它的文档,但我希望有人可以帮助我实现这一点。


更多回答

Scrypt will be memory intensive for a server-side web application. Bcrypt might be a better choice.

对于服务器端的Web应用程序来说,SCRYPT将是内存密集型的。加密可能是更好的选择。

Why are you creating another Scrypt class? You just need to import org.bouncycastle.crypto.generators.SCrypt and then use the generate method: SCrypt.generate(parameters...). Make sure to download bouncycastle jars in their site (or include in your pom.xml if you're using maven)

为什么要创建另一个Scret类?您只需要导入org.bouncyCastle.Crypto.Generators.SCypt,然后使用Generate方法:SCryt.Generate(参数...)。确保在他们的站点中下载bouncyCastJAR(如果您使用的是maven,则将其包含在pom.xml中)

优秀答案推荐

Thanks Hugo for the feedback!
After much struggle and searching, I found this website: http://www.itcsolutions.eu/2011/08/22/how-to-use-bouncy-castle-cryptographic-api-in-netbeans-or-eclipse-for-java-jse-projects/

感谢雨果的反馈!经过一番努力和寻找,我找到了这个网站:http://www.itcsolutions.eu/2011/08/22/how-to-use-bouncy-castle-cryptographic-api-in-netbeans-or-eclipse-for-java-jse-projects/



This helped give me a breakdown step-by-step on what I needed to get Bouncy Castle up and running on my computer.
I hope this will help others since I struggled with it for so long to find something that broke this down into layman's terms. :)

这帮助我一步一步地分析了在我的电脑上启动和运行Bundy Castle所需的东西。我希望这会对其他人有所帮助,因为我花了这么长时间才找到一些可以用外行人的话来解释这一点的东西。:)



The Scrypt hashing algorithm is widely used in Java based application (as MD5 and other JDK shipped algorithms are considered easy to break).

SCRYPT散列算法在基于Java的应用程序中被广泛使用(因为MD5和其他JDK附带的算法被认为很容易破解)。


The JDK does not provide SPI for Scrypt so you need to use BouncyCastle provider for Scrypt. You can use below dependency in your project:

JDK不为SCRYPT提供SPI,因此您需要使用BouncyCastle提供程序来进行SCRYPT。您可以在项目中使用以下依赖项:


org.bouncycastle:bcprov-jdk18on:1.76

You can use appropriate version as per your Java version.

您可以根据您的Java版本使用适当的版本。


Now, you need to decide or generate below parameters to define the complexity of for your Scrypt hashing:

现在,您需要决定或生成以下参数来定义加密散列的复杂性:



  • cpuCost (int): Define the cpu cost, must be greater than 1 and less
    than equal to 65536

  • memoryCost (int): Define memory cost, must be greater
    than 1

  • parallelization (int): Define parallelization, must be
    greater than 1 and less than Integer.MAX_VALUE / (128 * memoryCost * 8)

  • keyLength (int): Key length must be greater than 1

  • salt (int): Salt length must be greater than 1


Now you can generate salt in byte array of given salt size as:

现在您可以生成给定盐大小的字节数组中的盐,如下所示:


SecureRandom random = new SecureRandom();

public byte[] generateKey(int keyLength) {
byte[] bytes = new byte[keyLength];
this.random.nextBytes(bytes);
return bytes;
}


Once you generate Salt then you can use below code to encode the given

一旦生成了Salt,您就可以使用下面的代码来编码给定的


var cpuCost = 65536;
var memoryCost = 8;
var parallelization = 1;
var keyLength = 32;
var saltLength = 16;
var rawPassword = "abcdef"; //String to be hashed

var salt = generateKey(saltLength);

byte[] derived = SCrypt.generate(Utf8.encode(rawPassword), salt, cpuCost, memoryCost, parallelization, keyLength);
String params = Long.toString( ((int) (Math.log(cpuCost) / Math.log(2)) << 16L) | memoryCost << 8 | parallelization, 16);
StringBuilder sb = new StringBuilder((salt.length + derived.length) * 2);
sb.append("$").append(params).append('$');
sb.append(encodePart(salt)).append('$');
sb.append(encodePart(derived));
val encodedValue = sb.toString();

Scrypt is also used in Spring Security for Password encoding, so if you are already using Spring then you can simple use SCryptPasswordEncoder to encode and match.
This class provide static factory method which is optimized for Spring use like:

Scret还在Spring Security中用于密码编码,所以如果您已经在使用Spring,那么您可以简单地使用SCyptPasswordEncode进行编码和匹配。此类提供了针对Spring使用进行了优化的静态工厂方法,如下所示:


SCryptPasswordEncoder scryptEncoder = SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8();

String hashedValue = scryptEncoder.encode("abcdef");

//To match the encoded string with raw value
boolean isSame = scryptEncoder.matches("abcdef", hashedValue);


Hope it will help you!

希望能对你有所帮助!


更多回答

the link is broken

链接已断开

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com