Instant Java Password and Authentication Security

Fernando Mayoral

  • 出版商: Packt Publishing
  • 出版日期: 2013-12-05
  • 售價: $1,320
  • 貴賓價: 9.5$1,254
  • 語言: 英文
  • 頁數: 38
  • 裝訂: Paperback
  • ISBN: 1849697760
  • ISBN-13: 9781849697767
  • 相關分類: Java 程式語言Word資訊安全
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

A practical, hands-on guide to securing Java application passwords with hashing techniques

Overview

  • Learn something new in an Instant! A short, fast, focused guide delivering immediate results
  • Learn to use the basic MD5 hash
  • Introduces and details the concept of a strong SHA-based hash
  • Add salt to strengthen hashes and create nearly unbreakable hashes

In Detail

Password security is a critical matter when it comes to protecting the interests of application users and their data for a satisfactory user experience. With the advancement in technology, now more than ever, application developers need to be able to implement reliable mechanisms to prevent passwords from being stolen. Java Password and Authentication Security provides a practical approach to implement these reliable mechanisms with the possibility to make password authentication stronger as technology makes it easier to break them.

Java Password and Authentication Security is a practical, hands-on guide covering a number of clear, step-by-step exercises and code examples that will help you to implement strong password authentication solutions for your project in no time.

This book starts off with the most basic and well known hashing technique to quickly get an application developer started with implementing a standard password protection mechanism. Furthermore, it covers the stronger SHA (standard hashing algorithm) family in detail and brings up a technique to improve the hash security with a technique called “salting”.

You will also learn how to use these hashes, and more importantly, when to use each technique. You will learn that not every hash algorithm is good in every situation, and how to deal with password recovery, password authentication, and timing attacks.

What you will learn from this book

  • How and when to use the MD5 hash
  • Create every SHA-based hash
  • Use SHA hashes, and learning their weaknesses
  • Add salt to a hash
  • Store salts and regenerate the hash using the original salt
  • Implement an iterative hashing mechanism
  • Increase the strength of your hashes with an iterative hashing mechanism
  • Implement a length-constant time comparison to avoid timing attacks

Approach

Filled with practical, step-by-step instructions and clear explanations for the most important and useful tasks. This book takes a hands-on approach to Java-based password hashing and authentication, detailing advanced topics in a recipe format.

Who this book is written for

This book is ideal for developers new to user authentication and password security, and who are looking to get a good grounding in how to implement it in a reliable way.

It's assumed that the reader will have some experience in Java already, as well as being familiar with the basic idea behind user authentication.

商品描述(中文翻譯)

一本實用的、實戰指南,教你如何使用雜湊技術保護Java應用程式的密碼。

概述:
- 快速學習新知識!短小、快速、專注的指南,立即獲得成果。
- 學習使用基本的MD5雜湊。
- 介紹並詳細解說強大的基於SHA的雜湊概念。
- 添加鹽以增強雜湊,創建幾乎無法破解的雜湊。

詳細內容:
密碼安全是保護應用程式使用者和其數據利益的關鍵問題,以確保滿意的使用者體驗。隨著技術的進步,應用程式開發人員需要能夠實施可靠的機制來防止密碼被盗取。《Java密碼和身份驗證安全》提供了一種實用的方法來實施這些可靠的機制,並在技術變得更容易破解時使密碼驗證更強大。

《Java密碼和身份驗證安全》是一本實用的、實戰指南,包含了一系列清晰、逐步的練習和代碼示例,幫助您在項目中快速實施強大的密碼驗證解決方案。

本書首先介紹了最基本和最常用的雜湊技術,以便快速讓應用程式開發人員開始實施標準的密碼保護機制。此外,本書詳細介紹了更強大的SHA(標準雜湊算法)家族,並提出了一種稱為“鹽”的技術來提高雜湊的安全性。

您還將學習如何使用這些雜湊,更重要的是,何時使用每種技術。您將了解到不是每個雜湊算法在每種情況下都是好的,以及如何處理密碼恢復、密碼驗證和時間攻擊。

本書將提供以下知識:
- 如何使用MD5雜湊及其使用時機。
- 創建每種基於SHA的雜湊。
- 使用SHA雜湊,並了解其弱點。
- 添加鹽到雜湊中。
- 存儲鹽並使用原始鹽重新生成雜湊。
- 實施迭代雜湊機制。
- 通過迭代雜湊機制增強雜湊的強度。
- 實施長度恆定時間比較以避免時間攻擊。

本書以實用的、逐步指導和清晰解釋為特點,以食譜形式詳細介紹了基於Java的密碼雜湊和身份驗證的高級主題。

本書適合對用戶身份驗證和密碼安全新手的開發人員,並希望以可靠的方式實施它的基礎知識。

假設讀者已經具有一些Java經驗,並熟悉用戶身份驗證的基本概念。