/**
 * Populates the stored credential fields of {@code user} from its plain-text password.
 *
 * <p>A fresh random salt of {@code SALT_SIZE} bytes is generated, the plain password is
 * hashed with salted, iterated SHA-1 ({@code HASH_INTERATIONS} rounds; 1024 according to
 * the original comment), and both the salt and the digest are stored hex-encoded.
 *
 * @param user the account whose salt and password hash are (re)generated; its plain
 *             password must already be set
 */
private void entryptPassword(User user) {
    final byte[] saltBytes = Digests.generateSalt(SALT_SIZE);
    // The salt is stored before hashing, matching the original statement order.
    final String saltHex = Encodes.encodeHex(saltBytes);
    user.setSalt(saltHex);

    // NOTE(review): getBytes() without a charset uses the platform default encoding, so
    // hashes of non-ASCII passwords may differ between hosts. checkPassword must use the
    // same encoding, so any change here has to be made in both places together.
    final byte[] plainBytes = user.getPlainPassword().getBytes();

    // NOTE(review): iterated SHA-1 is a fast hash; a dedicated password-hashing scheme
    // (bcrypt, scrypt, Argon2, or PBKDF2 with a high work factor) is the usual choice
    // for credential storage. Switching requires re-hashing existing credentials.
    final byte[] digest = Digests.sha1(plainBytes, saltBytes, HASH_INTERATIONS);
    final String digestHex = Encodes.encodeHex(digest);
    user.setPassword(digestHex);
}
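/**
 * Verifies that a supplied password matches the one stored for the user.
 *
 * <p>The candidate is hashed with the user's stored salt using the same salted, iterated
 * SHA-1 ({@code HASH_INTERATIONS} rounds) that produced the stored value, and the two
 * hex strings are compared.
 *
 * @param user        the account whose stored salt and password hash are checked against
 * @param oldPassword the plain-text password to verify
 * @return {@code true} if the hash of {@code oldPassword} equals the stored hash,
 *         {@code false} otherwise
 */
public boolean checkPassword(User user, String oldPassword) {
    byte[] salt = Encodes.decodeHex(user.getSalt());
    // NOTE(review): getBytes() without a charset uses the platform default encoding; it is
    // left as-is so the result stays consistent with how the stored hash was produced.
    byte[] hashPassword = Digests.sha1(oldPassword.getBytes(), salt, HASH_INTERATIONS);

    String storedHex = user.getPassword();
    String candidateHex = Encodes.encodeHex(hashPassword);

    // Compare with MessageDigest.isEqual instead of String.equals: String.equals returns
    // at the first differing character, so its duration depends on how much of the stored
    // hash the candidate matches. The hex strings themselves are compared, so the result
    // is the same as the previous equals() check.
    return java.security.MessageDigest.isEqual(
            storedHex.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            candidateHex.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}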