Beispiel #1
  /**
   * Prepares the credential fields of {@code user} for storage: generates a random salt sized by
   * {@code SALT_SIZE}, hashes the plaintext password with that salt using iterated SHA-1
   * ({@code HASH_INTERATIONS} rounds; the original comment states 1024), and stores the salt and
   * the hash hex-encoded on the user.
   *
   * <p>NOTE(review): salted, iterated SHA-1 at this cost is below current password-storage
   * guidance. Prefer an adaptive or memory-hard scheme (Argon2id, scrypt, bcrypt, or PBKDF2 with
   * a high iteration count), and re-hash existing accounts at their next successful login.
   *
   * @param user the account whose plaintext password is hashed; its salt and password fields are
   *     overwritten
   */
  private void entryptPassword(User user) {
    final byte[] saltBytes = Digests.generateSalt(SALT_SIZE);
    final String saltHex = Encodes.encodeHex(saltBytes);
    user.setSalt(saltHex);

    // NOTE(review): getBytes() with no argument uses the platform default charset, so a password
    // with non-ASCII characters can hash differently on differently configured hosts. Moving to
    // an explicit charset must be done together with the verification path and with a plan for
    // hashes that are already stored.
    final byte[] plainBytes = user.getPlainPassword().getBytes();
    final byte[] digest = Digests.sha1(plainBytes, saltBytes, HASH_INTERATIONS);
    final String digestHex = Encodes.encodeHex(digest);
    user.setPassword(digestHex);
  }
Beispiel #2
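 /**
  * Verifies that the supplied password matches the one stored for the user.
  *
  * <p>The stored salt is hex-decoded, the candidate password is hashed with it using iterated
  * SHA-1 ({@code HASH_INTERATIONS} rounds), and the hex-encoded result is compared with the
  * stored hash. The comparison uses {@link java.security.MessageDigest#isEqual(byte[], byte[])}
  * so that its duration does not depend on how many leading characters match.
  *
  * <p>NOTE(review): salted, iterated SHA-1 at this cost is below current password-storage
  * guidance; see whether the hashing scheme can be migrated to Argon2id, scrypt, bcrypt or
  * PBKDF2 with a high iteration count.
  *
  * @param user the account whose stored salt and password hash are checked against
  * @param oldPassword the plaintext password supplied by the caller
  * @return {@code true} if the hash of {@code oldPassword} equals the stored hash; {@code false}
  *     otherwise, including when the user has no stored password hash
  */
 public boolean checkPassword(User user, String oldPassword) {
   byte[] salt = Encodes.decodeHex(user.getSalt());
   // NOTE(review): getBytes() with no argument uses the platform default charset; it has to
   // match the encoding that was used when the stored hash was created, so it is left as-is.
   byte[] hashPassword = Digests.sha1(oldPassword.getBytes(), salt, HASH_INTERATIONS);

   String storedHex = user.getPassword();
   if (storedHex == null) {
     // Fail closed: an account without a stored hash never authenticates.
     return false;
   }

   String candidateHex = Encodes.encodeHex(hashPassword);
   // Compare the hex strings as bytes in constant time; this accepts exactly the same inputs as
   // String.equals on the two hex strings did.
   return java.security.MessageDigest.isEqual(
       storedHex.getBytes(java.nio.charset.StandardCharsets.UTF_8),
       candidateHex.getBytes(java.nio.charset.StandardCharsets.UTF_8));
 }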