手势密码工具类LockPatternUtils
LockPatternUtils是处理手势的工具类,主要看下两个方法patternToString、patternToHash两个方法。
- patternToString
/**
* Serialize a pattern.
* @param pattern The pattern.
* @return The pattern in string form.
*/
public static String patternToString(List<LockPatternView.Cell> pattern) {
if (pattern == null) {
return "";
}
final int patternSize = pattern.size();
byte[] res = new byte[patternSize];
for (int i = 0; i < patternSize; i++) {
LockPatternView.Cell cell = pattern.get(i);
res[i] = (byte) (cell.getRow() * 3 + cell.getColumn());
}
return new String(res);
} 从方法定义可以看到,将手势用0~8数字,转换成byte数组来表示。
- patternToHash
/*
* Generate an SHA-1 hash for the pattern. Not the most secure, but it is
* at least a second level of protection. First level is that the file
* is in a location only readable by the system process.
* @param pattern the gesture pattern.
* @return the hash of the pattern in a byte array.
*/
public static byte[] patternToHash(List<LockPatternView.Cell> pattern) {
if (pattern == null) {
return null;
}
final int patternSize = pattern.size();
byte[] res = new byte[patternSize];
for (int i = 0; i < patternSize; i++) {
LockPatternView.Cell cell = pattern.get(i);
res[i] = (byte) (cell.getRow() * 3 + cell.getColumn());
}
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] hash = md.digest(res);
return hash;
} catch (NoSuchAlgorithmException nsa) {
return res;
}
} patternToHash的作用是,在patternToString的基础上,采用「SHA-1」算法对byte数组进行hash散列。值得一提的是,SHA-1虽然不可逆,但算法并不安全。如果采用暴力破解的方式,自己写个程序很快就能撞对。
也许Android的开发者也明白,Android作为开源系统,无法做到真正意义上的绝对安全,除了每个人都能获得源码外,获得系统root权限就能拿到系统所有数据。
投递字节跳动等公司7个岗位 >
,
查看19道真题和解析
