Reprinted from: http://www.weixuehao.com/archives/474
What is MD5
message-digest algorithm 5 (message-digest algorithm). The "MD5 encryption" that is often said, is it → information-digest algorithm.
When downloading something, I often see the md5 value in some compressed package properties. And this download page, it is very likely that in a certain place, wrote a sentence, the MD5 value of this file is XXXXXXXXX. What does this do?
Vernacular Vernacular: md5 is actually a Chinese algorithm. You can put a string, or file, or compressed package, after executing md5, you can generate a fixed-length 128-bit string. This string is basically unique.
Therefore, after someone has repaired the compressed package, a new string will be generated. At this time, the string provided by the website can be compared with the newly generated string. If it is different, it means that it has been repaired.
Encryption and digest are not the same
The encrypted message is complete; it has a decryption algorithm to get the original data;
The information obtained by the summary is incomplete; through the summary data, the original data cannot be obtained;
So, when you see a lot of people say, md5, encryption, decryption, just smile.
MD5 length
Some people say md5, 128-bit, 32-bit, 16-bit, how long is md5?
The length of md5, the default is 128bit, which is a binary string of 128 0s and 1s.
Such expression is very unfriendly.
So the binary is converted into hexadecimal, and every 4 bits represents a hexadecimal.
So 128/4 = 32 is converted to hexadecimal representation, it becomes 32 bits.
Why is there still a 16-bit md5 on the Internet?
There are many posts on the Internet, the difference between md5 32-bit and 16-bit encryption.
Carefully observe the 32-bit and 16-bit md5 values generated by admin...
查询结果:
md5(admin,32) = 21232f297a57a5a743894a0e4a801fc3
md5(admin,16) = 7a57a5a743894a0eSee it!
In fact, the 16-bit length is derived from the 32-bit md5 value. It is obtained by removing the first eight bits of the 32-bit md5 and the last eight bits.
The role of MD5
①Consistency test, the top example
②Digital signature is still the top example. I just saw a fingerprint on md5 and pressed a fingerprint to show that it is unique.
③Safe access authentication, this is the problem of usual system design.
When the user registers, the password will be md5 encrypted and stored in the database. This can prevent those who can see the database data from malicious operations.
Can md5 not be cracked?
md5 is irreversible, that is, there is no corresponding algorithm, and the original data is obtained from the md5 value produced in reverse.
But if brute force is used, it's another matter.
Is md5 unique?
Is md5 as the primary key in the database feasible? This involves a question, is the md5 value unique? The answer is not unique.
That is, a raw data, corresponding to only one md5 value;
But one md5 value may correspond to multiple raw data.
Generate MD5 value in java
public class MD5Test {
//main测试类
public static void main(String[] args) {
String result = getMD5("aaa");
System.err.println(result);
}
/**
* 生成md5
* @param message
* @return
*/
public static String getMD5(String message) {
String md5str = "";
try {
//1 创建一个提供信息摘要算法的对象,初始化为md5算法对象
MessageDigest md = MessageDigest.getInstance("MD5");
//2 将消息变成byte数组
byte[] input = message.getBytes();
//3 计算后获得字节数组,这就是那128位了
byte[] buff = md.digest(input);
//4 把数组每一字节(一个字节占八位)换成16进制连成md5字符串
md5str = bytesToHex(buff);
} catch (Exception e) {
e.printStackTrace();
}
return md5str;
}
/**
* 二进制转十六进制
* @param bytes
* @return
*/
public static String bytesToHex(byte[] bytes) {
StringBuffer md5str = new StringBuffer();
//把数组每一字节换成16进制连成md5字符串
int digital;
for (int i = 0; i < bytes.length; i++) {
digital = bytes[i];
if(digital < 0) {
digital += 256;
}
if(digital < 16){
md5str.append("0");
}
md5str.append(Integer.toHexString(digital));
}
return md5str.toString().toUpperCase();
}
}The detailed algorithm of MD5...search it yourself.
==================== Dividing line========================
The above is transferred from wei's MD5 tutorial, let me talk about my usage scenarios in the project.
md5 is generally used during login and registration. When registering, the password is md5 encrypted, and the encrypted password is stored in the server database, so that every time the client logs in, the plaintext password md5 is encrypted with the server. For comparison, the login is successful if the same is the same, and the login fails if the difference is different, so that even if the server database is leaked, others will not know the user's password.
Ask me the password md5 is encrypted and saved in the phone, and then the password is automatically filled in, but it is also possible that the user will modify the password by himself. How can I judge whether the content in the password box needs to be md5 again?