h****t posts: 129 | 1 Our old DB user passwords are encrypted with SHA-1, and now we want to upgrade to SHA-512.
How do we re-encrypt all the existing user passwords as SHA-512?
Do we really have to decrypt all the SHA-1 passwords and then encrypt them with the SHA-512 algorithm? Encryption is generally
one-way; I searched for a long time and couldn't find a decrypt method.
Does anyone have a good way to upgrade the existing password system?
Thanks | g*****g posts: 34805 | 2 Just apply SHA-512 on top of the existing encrypted password, and at login
run SHA-1 once, then SHA-512 once, and compare.
[Quoting h****t's post]: Our old DB user passwords are encrypted with SHA-1, and now we want to upgrade to SHA-512. : How do we re-encrypt all the existing user passwords as SHA-512? : Do we really have to decrypt all the SHA-1 passwords and then encrypt them with the SHA-512 algorithm? Encryption is generally : one-way; I searched for a long time and couldn't find a decrypt method. : Does anyone have a good way to upgrade the existing password system? : Thanks
| h****t posts: 129 | 3 I don't think that works. The encryption algorithm for login verification is set in Spring, and it seems you can only set one algorithm.
You can't set two.
[Quoting g*****g's post]: Just apply SHA-512 on top of the existing encrypted password, and at login : run SHA-1 once, then SHA-512 once, and compare.
| F****n posts: 3271 | 4 Provide your own PasswordEncoder interface implementation
[Quoting h****t's post]: I don't think that works. The encryption algorithm for login verification is set in Spring, and it seems you can only set one algorithm. : You can't set two.
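Editor's note: the following is an added example, not code from any poster. It shows what g*****g's "SHA-512 over the existing SHA-1 value" scheme looks like when packaged the way F****n suggests, as a single encoder with Spring-style `encode`/`matches` methods, written in Python rather than Java so it can be run as-is. It assumes the existing column holds unsalted lowercase hex SHA-1 digests and that SHA-512 is applied to that hex string exactly as stored; both are assumptions, not facts from the thread.

```python
import hashlib
import hmac


def sha1_hex(raw: str) -> str:
    """Assumed legacy scheme for the existing DB column: unsalted hex SHA-1."""
    return hashlib.sha1(raw.encode("utf-8")).hexdigest()


def sha512_hex(data: str) -> str:
    return hashlib.sha512(data.encode("utf-8")).hexdigest()


class LayeredSha512OverSha1Encoder:
    """Mirrors the shape of Spring Security's PasswordEncoder (encode/matches).

    The login path configures only this one encoder; the two hash steps live
    inside it, which is what makes a "single algorithm" config sufficient.
    """

    def encode(self, raw_password: str) -> str:
        # Same two steps the one-shot DB migration applies to stored values.
        return sha512_hex(sha1_hex(raw_password))

    def matches(self, raw_password: str, encoded_password: str) -> bool:
        # Constant-time comparison; never compare digests with ==.
        return hmac.compare_digest(self.encode(raw_password), encoded_password)


def migrate_stored_sha1(stored_sha1_hex: str) -> str:
    """One-shot migration of a stored row: wrap the existing SHA-1 hex digest
    in SHA-512. No plaintext is needed, and none could be recovered anyway."""
    return sha512_hex(stored_sha1_hex)


def demo() -> dict:
    password = "correct horse battery staple"   # constructed sample, not real data
    legacy_column = sha1_hex(password)          # what the old DB row holds today
    migrated_column = migrate_stored_sha1(legacy_column)
    enc = LayeredSha512OverSha1Encoder()
    return {
        "migrated_equals_fresh_encode": migrated_column == enc.encode(password),
        "login_ok": enc.matches(password, migrated_column),
        "wrong_rejected": not enc.matches("Correct horse battery staple", migrated_column),
        "stored_length": len(migrated_column),
    }


if __name__ == "__main__":
    print(demo())
```

The migration touches every row once (`migrate_stored_sha1`) and the login encoder is swapped at the same time, so there is no window in which a row is in one format and the encoder expects the other. As the later reply in this thread points out, wrapping does not change what an attacker has to guess: a dictionary attack still computes SHA-1 of each candidate first, and there is still no salt in this assumed scheme.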
| j**z posts: 109 | 5 SHA is hashing, and lots of people like to call it one-way encryption.
However, calling it "encryption" actually causes a lot of misunderstanding,
and personally I always hate to call it encryption, because when you think
"encryption", you will naturally think about "decryption". SHA is designed to
do one-way hashing; basically you can't "decrypt" a SHA value, otherwise it
is an algorithm or implementation flaw.
goodbug's suggestion is a good one to make your application look like it has better
security. But in fact, it does not provide any real benefit at all, as the
password is still subject to all the weaknesses SHA1 has. | h****t posts: 129 | 6 Thanks, everyone.
The two-layer algorithm approach doesn't really suit newly registered users, because new users register their passwords
directly with SHA512. The main point is that user registration, forgot password and password expiration are all
our own code, where we can change the algorithm or stack algorithms. Only login is controlled by Spring Security, with no
actual code of ours, and I'd rather not go in and modify it.
The workaround I'm now thinking of is to expire all existing users' passwords and make
users enter a new password. The original security setup is that the user must enter and verify the old password before entering a new
one. I'm thinking of adding a column to the table to keep the original sha1 password; the old-password check is verified with sha1, and the newly entered
password is stored with sha512. Login still verifies with the single sha512 algorithm. Does this sound feasible?
[Quoting j**z's post]: SHA is hashing, and lots of people like to call it one-way encryption. : However, calling it "encryption" actually causes a lot of misunderstanding, : and personally I always hate to call it encryption, because when you think : "encryption", you will naturally think about "decryption". SHA is designed to : do one-way hashing; basically you can't "decrypt" a SHA value, otherwise it : is an algorithm or implementation flaw. : goodbug's suggestion is a good one to make your application look like it has better : security. But in fact, it does not provide any real benefit at all, as the : password is still subject to all the weaknesses SHA1 has.
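Editor's note: an added example, not the original poster's code, modelling the forced-reset plan in reply 6: a second column holds the old SHA-1 value, the change-password flow checks the old password against whichever column the user still has, and login checks only the SHA-512 column. Python stands in for the Java the site presumably uses. The column names (`sha512`, `legacy_sha1`, `expired`), the unsalted hex digests and the sample users are all assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional


def sha1_hex(raw: str) -> str:
    """Assumed legacy scheme: unsalted hex SHA-1 (what the old column holds)."""
    return hashlib.sha1(raw.encode("utf-8")).hexdigest()


def sha512_hex(raw: str) -> str:
    """Assumed new scheme: unsalted hex SHA-512 (what login verifies)."""
    return hashlib.sha512(raw.encode("utf-8")).hexdigest()


@dataclass
class UserRow:
    username: str
    sha512: Optional[str]        # the only column the Spring login path checks
    legacy_sha1: Optional[str]   # extra column keeping the old SHA-1 value
    expired: bool = False        # forces the user through change_password


def expire_all_legacy(rows: List[UserRow]) -> int:
    """Step 1 of the plan: expire every user who still has only a SHA-1 value."""
    count = 0
    for r in rows:
        if r.sha512 is None and r.legacy_sha1 is not None:
            r.expired = True
            count += 1
    return count


def register(username: str, password: str) -> UserRow:
    """New users never get a SHA-1 value; they go straight to SHA-512."""
    return UserRow(username, sha512_hex(password), None)


def login(row: UserRow, password: str) -> bool:
    """Single-algorithm login check, as configured in Spring Security.
    A legacy user (no SHA-512 column) or an expired user cannot log in."""
    if row.sha512 is None or row.expired:
        return False
    return hmac.compare_digest(sha512_hex(password), row.sha512)


def change_password(row: UserRow, old_password: str, new_password: str) -> bool:
    """Old-password check uses whichever column the user still has; the new
    password is always stored as SHA-512 and the SHA-1 value is dropped."""
    if row.sha512 is not None:
        ok = hmac.compare_digest(sha512_hex(old_password), row.sha512)
    elif row.legacy_sha1 is not None:
        ok = hmac.compare_digest(sha1_hex(old_password), row.legacy_sha1)
    else:
        ok = False
    if not ok:
        return False
    row.sha512 = sha512_hex(new_password)
    row.legacy_sha1 = None   # the old digest has no further use; remove it
    row.expired = False
    return True


if __name__ == "__main__":
    # Constructed sample rows, not real data.
    alice = UserRow("alice", None, sha1_hex("old-pass"))     # migrated legacy user
    bob = register("bob", "fresh-pass")                        # registered after the switch
    print("expired:", expire_all_legacy([alice, bob]))
    print("alice login with old password:", login(alice, "old-pass"))
    print("alice reset:", change_password(alice, "old-pass", "new-pass"))
    print("alice login with new password:", login(alice, "new-pass"))
    print("bob login:", login(bob, "fresh-pass"))
```

One check worth keeping when implementing this: once `change_password` succeeds, the SHA-1 column for that row is cleared, so the old digest does not linger in the table after it has stopped being needed, and a user who never completes the reset stays locked out of login rather than silently continuing on SHA-1.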