问题
In developing an Android application that will store certain user date into a sqlite database, how should I handle a user password securely? How can I encrypt the password so that it does not appear "in the clear" in the database, but so I can decrypt it in the application when needed.
回答1:
Storing user credentials in a database presents many security challenges. You may want to consider an alternative (e.g. using OAuth 2.0 Authentication). We don't need yet another Android app with security vulnerabilities. Here is a ref for OAuth 2.0 Authentication from Google.
While one alternative that many folks do use is to "hash" the username and password using an algorithm like SHA-1 (MD5 has some vulnerabilities, though it is also used often)
回答2:
The best approach would be to store SHA-2 (or some other type of hash) of the password, and then compare those hashes instead of the actual decrypted passwords.
Storing passwords is a bad practice and is not secure even if they are encrypted. Remember, everything can be broken. The best you could do is to make things more difficult for the hacker.
来源:https://stackoverflow.com/questions/25461428/encrypt-decrypt-password-in-sqlite-android