使用一般的 MD5 加密,直接对密码进行散列,黑客可以通过查找散列值字典,来得到用户的密码。
加 Salt 可以解决这个问题,就是当用户登录时,系统为用户提供的代码加上 Salt 值,再进行散列。
package com.yuu.mall.util;
import java.security.MessageDigest;
/**
* Created by yuu
*/
public class MD5Util {
private static String byteArrayToHexString(byte b[]) {
StringBuffer resultSb = new StringBuffer();
for (int i = 0; i < b.length; i++)
resultSb.append(byteToHexString(b[i]));
return resultSb.toString();
}
private static String byteToHexString(byte b) {
int n = b;
if (n < 0)
n += 256;
int d1 = n / 16;
int d2 = n % 16;
return hexDigits[d1] + hexDigits[d2];
}
/**
* 返回大写MD5
*
* @param origin
* @param charsetname
* @return
*/
private static String MD5Encode(String origin, String charsetname) {
String resultString = null;
try {
resultString = new String(origin);
MessageDigest md = MessageDigest.getInstance("MD5");
if (charsetname == null || "".equals(charsetname))
resultString = byteArrayToHexString(md.digest(resultString.getBytes()));
else
resultString = byteArrayToHexString(md.digest(resultString.getBytes(charsetname)));
} catch (Exception exception) {
}
return resultString.toUpperCase();
}
public static String MD5EncodeUtf8(String origin) {
origin = origin + "yuusdafaqj23ou89ZXcj@#$@#$#@KJdjklj;D../dSF.,";
return MD5Encode(origin, "utf-8");
}
private static final String hexDigits[] = {"0", "1", "2", "3", "4", "5",
"6", "7", "8", "9", "a", "b", "c", "d", "e", "f"};
}
这句就是加 Salt
origin = origin + “yuusdafaqj23ou89ZXcj@#KaTeX parse error: Expected 'EOF', got '#' at position 2: @#̲#@KJdjklj;D…/dSF.,”;