blocks|key|1031611|text|BCrypt是一个非常好的库，并且有它的Java+port。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1031612|entityMap|0|LINK|mutability|MUTABLE|url|http://www.mindrot.org/projects/jBCrypt/^0|K|9|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

BCrypt is a very good library, and there is a <a href="http://www.mindrot.org/projects/jBCrypt/" rel="noreferrer">Java port</a> of it.

blocks|key|1246643|text|您可以使用MessageDigest计算散列，但从安全性的角度来看，这是错误的。散列不能用于存储密码，因为它们很容易被破解。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1246644|您应该使用另一种算法，如bcrypt，PBKDF2和scrypt来存储您的密码。See+here。|1246645|entityMap|0|LINK|mutability|MUTABLE|url|http://java.sun.com/javase/6/docs/api/java/security/MessageDigest.html|1|http://techblog.bozho.net/bcrypt-salt-its-the-bare-minimum/^0|5|D|5|D|0|0|14|8|1|0^^$0|@$1|2|3|4|5|6|7|R|8|@$9|S|A|T|B|C]]|D|@$9|U|A|V|1|W]]|E|$]]|$1|F|3|G|5|6|7|X|8|@]|D|@$9|Y|A|Z|1|10]]|E|$]]|$1|H|3|-4|5|6|7|11|8|@]|D|@]|E|$]]]|I|$J|$5|K|L|M|E|$N|O]]|P|$5|K|L|M|E|$N|Q]]]]

You can comput hashes using <a href="http://java.sun.com/javase/6/docs/api/java/security/MessageDigest.html" rel="nofollow noreferrer"><code>MessageDigest</code></a>, but this is wrong in terms of security. Hashes are not to be used for storing passwords, as they are easily breakable. 

You should use another algorithm like bcrypt, PBKDF2 and scrypt to store you passwords. <a href="http://techblog.bozho.net/bcrypt-salt-its-the-bare-minimum/" rel="nofollow noreferrer">See here</a>.

blocks|key|1031672|text|这里有两个用于MD5散列和其他散列方法的链接：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1031673|Javadoc+API：https://docs.oracle.com/javase/1.5.0/docs/api/java/security/MessageDigest.html|offset|length|1031674|教程：http://www.twmacinta.com/myjava/fast_md5.php|1031675|entityMap|0|LINK|mutability|MUTABLE|url|https://docs.oracle.com/javase/1.5.0/docs/api/java/security/MessageDigest.html|1|http://www.twmacinta.com/myjava/fast_md5.php^0|0|C|26|0|0|3|18|1|0^^$0|@$1|2|3|4|5|6|7|R|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|S|8|@]|9|@$D|T|E|U|1|V]]|A|$]]|$1|F|3|G|5|6|7|W|8|@]|9|@$D|X|E|Y|1|Z]]|A|$]]|$1|H|3|-4|5|6|7|10|8|@]|9|@]|A|$]]]|I|$J|$5|K|L|M|A|$N|O]]|P|$5|K|L|M|A|$N|Q]]]]

Here you have two links for MD5 hashing and other hash methods:
Javadoc API: <a href="https://docs.oracle.com/javase/1.5.0/docs/api/java/security/MessageDigest.html" rel="nofollow noreferrer">https://docs.oracle.com/javase/1.5.0/docs/api/java/security/MessageDigest.html</a>
Tutorial: <a href="http://www.twmacinta.com/myjava/fast_md5.php" rel="nofollow noreferrer">http://www.twmacinta.com/myjava/fast_md5.php</a>

blocks|key|1031710|text|在所有标准散列方案中，LDAP+ssha是使用的最安全的方案，|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1031711|http://www.openldap.org/faq/data/cache/347.html|offset|length|1031712|我只需要遵循那里指定的算法，并使用MessageDigest来做散列。|1031713|您需要按照您的建议将盐存储在数据库中。|1031714|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|1B|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|R|8|@]|9|@$D|S|E|T|1|U]]|A|$]]|$1|F|3|G|5|6|7|V|8|@]|9|@]|A|$]]|$1|H|3|I|5|6|7|W|8|@]|9|@]|A|$]]|$1|J|3|-4|5|6|7|X|8|@]|9|@]|A|$]]]|K|$L|$5|M|N|O|A|$P|C]]]]

Among all the standard hash schemes, LDAP ssha is the most secure one to use,

<a href="http://www.openldap.org/faq/data/cache/347.html" rel="nofollow noreferrer">http://www.openldap.org/faq/data/cache/347.html</a>

I would just follow the algorithms specified there and use MessageDigest to do the hash.

You need to store the salt in your database as you suggested.

blocks|key|1246743|text|实际上，您可以使用Java运行时中内置的工具来完成此操作。Java6中的SunJCE支持PBKDF2，这是用于密码散列的一个很好的算法。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1246744|byte[]+salt+=+new+byte[16];
random.nextBytes(salt);
KeySpec+spec+=+new+PBEKeySpec("password".toCharArray(),+salt,+65536,+128);
SecretKeyFactory+f+=+SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
byte[]+hash+=+f.generateSecret(spec).getEncoded();
Base64.Encoder+enc+=+Base64.getEncoder();
System.out.printf("salt:+%25s%25n",+enc.encodeToString(salt));
System.out.printf("hash:+%25s%25n",+enc.encodeToString(hash));|code-block|syntax|javascript|1246745|下面是一个可用于PBKDF2密码身份验证的实用程序类：|1246746|import+java.security.NoSuchAlgorithmException;
import+java.security.SecureRandom;
import+java.security.spec.InvalidKeySpecException;
import+java.security.spec.KeySpec;
import+java.util.Arrays;
import+java.util.Base64;
import+java.util.regex.Matcher;
import+java.util.regex.Pattern;

import+javax.crypto.SecretKeyFactory;
import+javax.crypto.spec.PBEKeySpec;

/**
+*+Hash+passwords+for+storage,+and+test+passwords+against+password+tokens.
+*+
+*+Instances+of+this+class+can+be+used+concurrently+by+multiple+threads.
+*++
+*+@author+erickson
+*+@see+<a+href="http://stackoverflow.com/a/2861125/3474">StackOverflow</a>
+*/
public+final+class+PasswordAuthentication
{

++/**
+++*+Each+token+produced+by+this+class+uses+this+identifier+as+a+prefix.
+++*/
++public+static+final+String+ID+=+"$31$";

++/**
+++*+The+minimum+recommended+cost,+used+by+default
+++*/
++public+static+final+int+DEFAULT_COST+=+16;

++private+static+final+String+ALGORITHM+=+"PBKDF2WithHmacSHA1";

++private+static+final+int+SIZE+=+128;

++private+static+final+Pattern+layout+=+Pattern.compile("\\$31\\$(\\d\\d?)\\$(.{43})");

++private+final+SecureRandom+random;

++private+final+int+cost;

++public+PasswordAuthentication()
++{
++++this(DEFAULT_COST);
++}

++/**
+++*+Create+a+password+manager+with+a+specified+cost
+++*+
+++*+@param+cost+the+exponential+computational+cost+of+hashing+a+password,+0+to+30
+++*/
++public+PasswordAuthentication(int+cost)
++{
++++iterations(cost);+/*+Validate+cost+*/
++++this.cost+=+cost;
++++this.random+=+new+SecureRandom();
++}

++private+static+int+iterations(int+cost)
++{
++++if+((cost+<+0)+%7C%7C+(cost+>+30))
++++++throw+new+IllegalArgumentException("cost:+"+%2B+cost);
++++return+1+<<+cost;
++}

++/**
+++*+Hash+a+password+for+storage.
+++*+
+++*+@return+a+secure+authentication+token+to+be+stored+for+later+authentication+
+++*/
++public+String+hash(char[]+password)
++{
++++byte[]+salt+=+new+byte[SIZE+/+8];
++++random.nextBytes(salt);
++++byte[]+dk+=+pbkdf2(password,+salt,+1+<<+cost);
++++byte[]+hash+=+new+byte[salt.length+%2B+dk.length];
++++System.arraycopy(salt,+0,+hash,+0,+salt.length);
++++System.arraycopy(dk,+0,+hash,+salt.length,+dk.length);
++++Base64.Encoder+enc+=+Base64.getUrlEncoder().withoutPadding();
++++return+ID+%2B+cost+%2B+'$'+%2B+enc.encodeToString(hash);
++}

++/**
+++*+Authenticate+with+a+password+and+a+stored+password+token.
+++*+
+++*+@return+true+if+the+password+and+token+match
+++*/
++public+boolean+authenticate(char[]+password,+String+token)
++{
++++Matcher+m+=+layout.matcher(token);
++++if+(!m.matches())
++++++throw+new+IllegalArgumentException("Invalid+token+format");
++++int+iterations+=+iterations(Integer.parseInt(m.group(1)));
++++byte[]+hash+=+Base64.getUrlDecoder().decode(m.group(2));
++++byte[]+salt+=+Arrays.copyOfRange(hash,+0,+SIZE+/+8);
++++byte[]+check+=+pbkdf2(password,+salt,+iterations);
++++int+zero+=+0;
++++for+(int+idx+=+0;+idx+<+check.length;+%2B%2Bidx)
++++++zero+%7C=+hash[salt.length+%2B+idx]+%5E+check[idx];
++++return+zero+==+0;
++}

++private+static+byte[]+pbkdf2(char[]+password,+byte[]+salt,+int+iterations)
++{
++++KeySpec+spec+=+new+PBEKeySpec(password,+salt,+iterations,+SIZE);
++++try+{
++++++SecretKeyFactory+f+=+SecretKeyFactory.getInstance(ALGORITHM);
++++++return+f.generateSecret(spec).getEncoded();
++++}
++++catch+(NoSuchAlgorithmException+ex)+{
++++++throw+new+IllegalStateException("Missing+algorithm:+"+%2B+ALGORITHM,+ex);
++++}
++++catch+(InvalidKeySpecException+ex)+{
++++++throw+new+IllegalStateException("Invalid+SecretKeyFactory",+ex);
++++}
++}

++/**
+++*+Hash+a+password+in+an+immutable+{@code+String}.+
+++*+
+++*+Passwords+should+be+stored+in+a+{@code+char[]}+so+that+it+can+be+filled+
+++*+with+zeros+after+use+instead+of+lingering+on+the+heap+and+elsewhere.
+++*+
+++*+@deprecated+Use+{@link+#hash(char[])}+instead
+++*/
++@Deprecated
++public+String+hash(String+password)
++{
++++return+hash(password.toCharArray());
++}

++/**
+++*+Authenticate+with+a+password+in+an+immutable+{@code+String}+and+a+stored+
+++*+password+token.+
+++*+
+++*+@deprecated+Use+{@link+#authenticate(char[],String)}+instead.
+++*+@see+#hash(String)
+++*/
++@Deprecated
++public+boolean+authenticate(String+password,+String+token)
++{
++++return+authenticate(password.toCharArray(),+token);
++}

}|1246747|entityMap^0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|N|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|O|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|P|8|@]|9|@]|A|$E|F]]|$1|K|3|-4|5|6|7|Q|8|@]|9|@]|A|$]]]|L|$]]

You can actually use a facility built in to the Java runtime to do this. The SunJCE in Java 6 supports PBKDF2, which is a good algorithm to use for password hashing.

<pre><code>byte[] salt = new byte[16];
random.nextBytes(salt);
KeySpec spec = new PBEKeySpec("password".toCharArray(), salt, 65536, 128);
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
byte[] hash = f.generateSecret(spec).getEncoded();
Base64.Encoder enc = Base64.getEncoder();
System.out.printf("salt: %s%n", enc.encodeToString(salt));
System.out.printf("hash: %s%n", enc.encodeToString(hash));
</code></pre>

Here's a utility class that you can use for PBKDF2 password authentication:

<pre><code>import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/**
 * Hash passwords for storage, and test passwords against password tokens.
 * 
 * Instances of this class can be used concurrently by multiple threads.
 * 
 * @author erickson
 * @see &lt;a href="http://stackoverflow.com/a/2861125/3474"&gt;StackOverflow&lt;/a&gt;
 */
public final class PasswordAuthentication
{

 /**
 * Each token produced by this class uses this identifier as a prefix.
 */
 public static final String ID = "$31$";

 /**
 * The minimum recommended cost, used by default
 */
 public static final int DEFAULT_COST = 16;

 private static final String ALGORITHM = "PBKDF2WithHmacSHA1";

 private static final int SIZE = 128;

 private static final Pattern layout = Pattern.compile("\\$31\\$(\\d\\d?)\\$(.{43})");

 private final SecureRandom random;

 private final int cost;

 public PasswordAuthentication()
 {
 this(DEFAULT_COST);
 }

 /**
 * Create a password manager with a specified cost
 * 
 * @param cost the exponential computational cost of hashing a password, 0 to 30
 */
 public PasswordAuthentication(int cost)
 {
 iterations(cost); /* Validate cost */
 this.cost = cost;
 this.random = new SecureRandom();
 }

 private static int iterations(int cost)
 {
 if ((cost &lt; 0) || (cost &gt; 30))
 throw new IllegalArgumentException("cost: " + cost);
 return 1 &lt;&lt; cost;
 }

 /**
 * Hash a password for storage.
 * 
 * @return a secure authentication token to be stored for later authentication 
 */
 public String hash(char[] password)
 {
 byte[] salt = new byte[SIZE / 8];
 random.nextBytes(salt);
 byte[] dk = pbkdf2(password, salt, 1 &lt;&lt; cost);
 byte[] hash = new byte[salt.length + dk.length];
 System.arraycopy(salt, 0, hash, 0, salt.length);
 System.arraycopy(dk, 0, hash, salt.length, dk.length);
 Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
 return ID + cost + '$' + enc.encodeToString(hash);
 }

 /**
 * Authenticate with a password and a stored password token.
 * 
 * @return true if the password and token match
 */
 public boolean authenticate(char[] password, String token)
 {
 Matcher m = layout.matcher(token);
 if (!m.matches())
 throw new IllegalArgumentException("Invalid token format");
 int iterations = iterations(Integer.parseInt(m.group(1)));
 byte[] hash = Base64.getUrlDecoder().decode(m.group(2));
 byte[] salt = Arrays.copyOfRange(hash, 0, SIZE / 8);
 byte[] check = pbkdf2(password, salt, iterations);
 int zero = 0;
 for (int idx = 0; idx &lt; check.length; ++idx)
 zero |= hash[salt.length + idx] ^ check[idx];
 return zero == 0;
 }

 private static byte[] pbkdf2(char[] password, byte[] salt, int iterations)
 {
 KeySpec spec = new PBEKeySpec(password, salt, iterations, SIZE);
 try {
 SecretKeyFactory f = SecretKeyFactory.getInstance(ALGORITHM);
 return f.generateSecret(spec).getEncoded();
 }
 catch (NoSuchAlgorithmException ex) {
 throw new IllegalStateException("Missing algorithm: " + ALGORITHM, ex);
 }
 catch (InvalidKeySpecException ex) {
 throw new IllegalStateException("Invalid SecretKeyFactory", ex);
 }
 }

 /**
 * Hash a password in an immutable {@code String}. 
 * 
 * &lt;p&gt;Passwords should be stored in a {@code char[]} so that it can be filled 
 * with zeros after use instead of lingering on the heap and elsewhere.
 * 
 * @deprecated Use {@link #hash(char[])} instead
 */
 @Deprecated
 public String hash(String password)
 {
 return hash(password.toCharArray());
 }

 /**
 * Authenticate with a password in an immutable {@code String} and a stored 
 * password token. 
 * 
 * @deprecated Use {@link #authenticate(char[],String)} instead.
 * @see #hash(String)
 */
 @Deprecated
 public boolean authenticate(String password, String token)
 {
 return authenticate(password.toCharArray(), token);
 }

}
</code></pre>

blocks|key|1031776|text|您可以使用OWASP所描述的Shiro库(以前称为JSecurity)的implementation。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1031777|它看起来像是JASYPT库有一个similar+utility。|1031778|entityMap|0|LINK|mutability|MUTABLE|url|http://www.owasp.org/index.php/Hashing_Java|1|https://cwiki.apache.org/confluence/display/SHIRO/Index|2|http://www.jsecurity.org/|3|http://www.jsecurity.org/api/org/jsecurity/crypto/hash/package-summary.html|4|http://www.jasypt.org/api/jasypt/apidocs/org/jasypt/digest/StandardStringDigester.html^0|5|5|0|E|5|1|P|9|2|10|E|3|0|G|F|4|0^^$0|@$1|2|3|4|5|6|7|V|8|@]|9|@$A|W|B|X|1|Y]|$A|Z|B|10|1|11]|$A|12|B|13|1|14]|$A|15|B|16|1|17]]|C|$]]|$1|D|3|E|5|6|7|18|8|@]|9|@$A|19|B|1A|1|1B]]|C|$]]|$1|F|3|-4|5|6|7|1C|8|@]|9|@]|C|$]]]|G|$H|$5|I|J|K|C|$L|M]]|N|$5|I|J|K|C|$L|O]]|P|$5|I|J|K|C|$L|Q]]|R|$5|I|J|K|C|$L|S]]|T|$5|I|J|K|C|$L|U]]]]

You can use the <a href="https://cwiki.apache.org/confluence/display/SHIRO/Index" rel="noreferrer" title="Shiro">Shiro</a> library's (formerly <a href="http://www.jsecurity.org/" rel="noreferrer" title="JSecurity">JSecurity</a>) <a href="http://www.jsecurity.org/api/org/jsecurity/crypto/hash/package-summary.html" rel="noreferrer" title="JSecurity Hashing Utilities">implementation</a> of what is described by <a href="http://www.owasp.org/index.php/Hashing_Java" rel="noreferrer" title="OWASP">OWASP</a>. 

It also looks like the JASYPT library has a <a href="http://www.jasypt.org/api/jasypt/apidocs/org/jasypt/digest/StandardStringDigester.html" rel="noreferrer" title="JASYPT Hashing">similar utility</a>.

blocks|key|1246814|text|您可以使用Spring+Security+Crypto+(只有2+optional+compile+dependencies)，它支持PBKDF2、BCrypt、SCrypt和Argon2密码加密。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1246815|Argon2PasswordEncoder+argon2PasswordEncoder+=+new+Argon2PasswordEncoder();
String+aCryptedPassword+=+argon2PasswordEncoder.encode("password");
boolean+passwordIsValid+=+argon2PasswordEncoder.matches("password",+aCryptedPassword);|code-block|syntax|javascript|1246816|SCryptPasswordEncoder+sCryptPasswordEncoder+=+new+SCryptPasswordEncoder();
String+sCryptedPassword+=+sCryptPasswordEncoder.encode("password");
boolean+passwordIsValid+=+sCryptPasswordEncoder.matches("password",+sCryptedPassword);|1246817|BCryptPasswordEncoder+bCryptPasswordEncoder+=+new+BCryptPasswordEncoder();
String+bCryptedPassword+=+bCryptPasswordEncoder.encode("password");
boolean+passwordIsValid+=+bCryptPasswordEncoder.matches("password",+bCryptedPassword);|1246818|Pbkdf2PasswordEncoder+pbkdf2PasswordEncoder+=+new+Pbkdf2PasswordEncoder();
String+pbkdf2CryptedPassword+=+pbkdf2PasswordEncoder.encode("password");
boolean+passwordIsValid+=+pbkdf2PasswordEncoder.matches("password",+pbkdf2CryptedPassword);|1246819|entityMap|0|LINK|mutability|MUTABLE|url|https://spring.io/projects/spring-security|1|https://docs.spring.io/spring-security/site/docs/5.1.4.RELEASE/reference/htmlsingle/#crypto|2|https://mvnrepository.com/artifact/org.springframework.security/spring-security-crypto/5.1.4.RELEASE|3|https://docs.spring.io/spring-security/site/docs/5.1.4.RELEASE/api/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.html|4|https://docs.spring.io/spring-security/site/docs/5.1.4.RELEASE/api/org/springframework/security/crypto/bcrypt/package-frame.html|5|https://docs.spring.io/spring-security/site/docs/5.1.4.RELEASE/api/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.html|6|https://docs.spring.io/spring-security/site/docs/5.2.0.RELEASE/api/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.html^0|5|F|0|L|6|1|V|V|2|1V|6|3|22|6|4|29|6|5|2G|6|6|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|18|8|@]|9|@$A|19|B|1A|1|1B]|$A|1C|B|1D|1|1E]|$A|1F|B|1G|1|1H]|$A|1I|B|1J|1|1K]|$A|1L|B|1M|1|1N]|$A|1O|B|1P|1|1Q]|$A|1R|B|1S|1|1T]]|C|$]]|$1|D|3|E|5|F|7|1U|8|@]|9|@]|C|$G|H]]|$1|I|3|J|5|F|7|1V|8|@]|9|@]|C|$G|H]]|$1|K|3|L|5|F|7|1W|8|@]|9|@]|C|$G|H]]|$1|M|3|N|5|F|7|1X|8|@]|9|@]|C|$G|H]]|$1|O|3|-4|5|6|7|1Y|8|@]|9|@]|C|$]]]|P|$Q|$5|R|S|T|C|$U|V]]|W|$5|R|S|T|C|$U|X]]|Y|$5|R|S|T|C|$U|Z]]|10|$5|R|S|T|C|$U|11]]|12|$5|R|S|T|C|$U|13]]|14|$5|R|S|T|C|$U|15]]|16|$5|R|S|T|C|$U|17]]]]

You could use <a href="https://spring.io/projects/spring-security" rel="noreferrer">Spring Security</a> <a href="https://docs.spring.io/spring-security/site/docs/5.1.4.RELEASE/reference/htmlsingle/#crypto" rel="noreferrer">Crypto</a> (has only <a href="https://mvnrepository.com/artifact/org.springframework.security/spring-security-crypto/5.1.4.RELEASE" rel="noreferrer">2 optional compile dependencies</a>), which supports <a href="https://docs.spring.io/spring-security/site/docs/5.1.4.RELEASE/api/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.html" rel="noreferrer">PBKDF2</a>, <a href="https://docs.spring.io/spring-security/site/docs/5.1.4.RELEASE/api/org/springframework/security/crypto/bcrypt/package-frame.html" rel="noreferrer">BCrypt</a>, <a href="https://docs.spring.io/spring-security/site/docs/5.1.4.RELEASE/api/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.html" rel="noreferrer">SCrypt</a> and <a href="https://docs.spring.io/spring-security/site/docs/5.2.0.RELEASE/api/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.html" rel="noreferrer">Argon2</a> password encryption.

<pre class="lang-java prettyprint-override"><code>Argon2PasswordEncoder argon2PasswordEncoder = new Argon2PasswordEncoder();
String aCryptedPassword = argon2PasswordEncoder.encode("password");
boolean passwordIsValid = argon2PasswordEncoder.matches("password", aCryptedPassword);
</code></pre>

<pre class="lang-java prettyprint-override"><code>SCryptPasswordEncoder sCryptPasswordEncoder = new SCryptPasswordEncoder();
String sCryptedPassword = sCryptPasswordEncoder.encode("password");
boolean passwordIsValid = sCryptPasswordEncoder.matches("password", sCryptedPassword);
</code></pre>

<pre class="lang-java prettyprint-override"><code>BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
String bCryptedPassword = bCryptPasswordEncoder.encode("password");
boolean passwordIsValid = bCryptPasswordEncoder.matches("password", bCryptedPassword);
</code></pre>

<pre class="lang-java prettyprint-override"><code>Pbkdf2PasswordEncoder pbkdf2PasswordEncoder = new Pbkdf2PasswordEncoder();
String pbkdf2CryptedPassword = pbkdf2PasswordEncoder.encode("password");
boolean passwordIsValid = pbkdf2PasswordEncoder.matches("password", pbkdf2CryptedPassword);
</code></pre>

blocks|key|1246888|text|我从udemy上的一段视频中学到了这一点，并将其编辑为更强的随机密码|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1246889|}

private+String+pass()+{
++++++++String+passswet="1234567890zxcvbbnmasdfghjklop[iuytrtewq@#$%25%5E&*"+;

++++++++char+icon1;
++++++++char[]+t=new+char[20];

+++++++++int+rand1=(int)(Math.random()*6)%2B38;//to+make+a+random+within+the+range+of+special+characters

++++++++++++icon1=passswet.charAt(rand1);//will+produce+char+with+a+special+character

++++++++int+i=0;
++++++++while(+i+<11)+{

+++++++++++++int+rand=(int)(Math.random()*passswet.length());
+++++++++++++//notice+(int)+as+the+original+value+of+Math>random()+is+double

+++++++++++++t[i]+=passswet.charAt(rand);

+++++++++++++i%2B%2B;
++++++++++++++++t[10]=icon1;
//to+replace+the+specified+item+with+icon1
+++++++++}
++++++++return+new+String(t);
}






}|code-block|syntax|javascript|1246890|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

i leaned that from a video on udemy and edited to be stronger random password

<pre><code>}

private String pass() {
 String passswet="1234567890zxcvbbnmasdfghjklop[iuytrtewq@#$%^&amp;*" ;

 char icon1;
 char[] t=new char[20];

 int rand1=(int)(Math.random()*6)+38;//to make a random within the range of special characters

 icon1=passswet.charAt(rand1);//will produce char with a special character

 int i=0;
 while( i &lt;11) {

 int rand=(int)(Math.random()*passswet.length());
 //notice (int) as the original value of Math&gt;random() is double

 t[i] =passswet.charAt(rand);

 i++;
 t[10]=icon1;
//to replace the specified item with icon1
 }
 return new String(t);
}






}
</code></pre>

I need to hash passwords for storage in a database. How can I do this in Java?

I was hoping to take the plain text password, add a random salt, then store the salt and the hashed password in the database.

Then when a user wanted to log in, I could take their submitted password, add the random salt from their account information, hash it and see if it equates to the stored hash password with their account information.

How can I hash a password in Java?

身份验证

数据库

Java

我需要对密码进行哈希处理，以便存储在数据库中。我如何在Java中做到这一点？我希望获得明文密码，添加一个随机的盐，然后将盐和散列密码存储在数据库中。然后，当用户想要登录时，我可以获取他们提交的密码，从他们的帐户信息中添加随机盐，对其进行散列，看看它是否与存储的散列密码与他们的帐户信息相等。

问如何在Java中散列密码？
EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如何在Java中散列密码？EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如何在Java中散列密码？
EN