开发者

Use Spring Security's PasswordEncoder to create AES encrypted based password

开发者 https://www.devze.com 2023-02-25 04:25 出处:网络
I have a requirement to create a AES based encrypted password.I\'m using Spring Security 3.0.5\'s PasswordEncoder.开发者_如何学运维endcodePassword method and passing in AES, but I\'m unsure if thats t

I have a requirement to create a AES based encrypted password. I'm using Spring Security 3.0.5's PasswordEncoder.开发者_如何学运维endcodePassword method and passing in AES, but I'm unsure if thats the proper technique...

passwordEncoder.encodePassword("xyz", "AES")


It's a very strange requirement. The usual password storage strategy is to store their hashes. It prevents malicious person from obtaining passwords if he managed to get access to your database. Spring Security's built-in password encoders implement this approach.

The idea to use symmetric encryption to store passwords in the database appears to be less secure, since you need to store secret key somewhere in your application, and it's likely that if malicious person gets access to your database, he can also get access to your secret key, so that he can decrypt your passwords.

However, if you rellay need to follow that approach, you can implement your own PasswordEncoder that gets secret key and uses AES encryption, based on some tutorial on using AES in Java.

0

精彩评论

暂无评论...
验证码 换一张
取 消