Hashing in Java -> Get password from hash & salt

Posted 2019-09-05 01:29

I have an issue with password hashing.

I would like to use a hashing function just like this one here:

Hashing Java (OWASP)

With this function I can hash passwords before I save them into my database.

BUT

In my application I then use the password to log in to different servers (like a mail server), but inside the Java code I need the password not hashed but rather as a plain-text password.

So now I'm wondering how I can extract the plain text password again (hash + salt is stored in the DB and hash-function/ iteration count is known) to use it to log in to my different servers.

Does anyone know how to do that? (preferably in a way that I can use the linked OWASP code to hash my passwords)

EDIT : It seems like encryption would be the way to go here, but is this an acceptable solution (as encryption is not that safe)? I would go with a high iteration count and salt anyway.

Tags: java hash
2 answers
叼着烟拽天下
#2 · 2019-09-05 01:37

The entire purpose of a hash is to be irreversible. If you could get the plain-text password back it would defeat the purpose of the hash, and would also be a security vulnerability.

SAY GOODBYE
#3 · 2019-09-05 02:03

The point of hashing a password is that when somebody gets their hands on the hash, they are not meant to be able to reverse it. This is the entire purpose of this security measure. What you actually want to do is take the user input, hash it using the same algorithm, and compare that hash to whatever you have stored in the database. Here's a great link explaining the process in detail.
