iOS Cryptography Research

There is no absolute security in software development, only relative security: once the cost of breaking your program exceeds the profit from breaking it, the program is relatively safe.

Yesterday I watched a livestream that gave a detailed introduction to the various iOS security encryption methods. I am writing it down here, and more content will be added later.

1. HASH encryption:

The commonly used method in this category is MD5, which has three properties:

- Irreversible: the operation cannot be undone;

- Different data produce a fixed-length result of 32 characters (whether the input is a picture or a 1 GB movie, the output is a 32-character string);

- The same data always produces the same result (copy a piece of data and both copies hash to the same 32-character string).

Although MD5 is irreversible, in actual development it is not used directly, because there are now large lookup databases of precomputed hashes, which makes it insufficiently safe. http://www.cmd5.com/ is one website that can look up the original password from its 32-character hash;

NSString *pwdMd5 = pwd.md5String; // hash the password once, or twice, with MD5


In actual development, for applications that do not require a very high level of security, data is generally hashed with a salt appended.

NSString *salt = @"abc";

NSString *pwdSalt = [pwd stringByAppendingString:salt].md5String;

However, salting is not absolutely safe either, because the salt is fixed by the developer. Once the salt leaks, the whole program's hashing scheme is exposed, and it becomes easy for others to crack;

- HMAC takes a key, hashes the plaintext with it twice (an inner and an outer hash), and the result is still 32 characters;

- In actual development, the key is issued by the server: one account corresponds to one key, and the key is generated for you when you register

- About the HMAC logic:

1. Registration: Account: sent to the server, which verifies whether it is a legal account; if so, the server generates a unique KEY value for it.

     Password (HMAC encryption): the client sends the HMAC (a 32-character string) to the server, and the server saves this HMAC password;

2. Login:

NSString *hmacPwd = [pwd hmacMD5StringWithKey:@"abc"]; // abc: key value randomly generated by the server

If this scheme is cracked, only one person's key value and only that person's data can be obtained; the entire application is not exposed, so it is relatively safe;

- There is another encryption method: HMAC + server time + key value

Login logic (at the moment the user taps the login button). Purpose: the encryption result is different every time!

Client:

- Generate the HMAC password;

- Compute (HMAC password + server time, accurate to the minute).md5;

- Send the resulting hash value to the server;

Server: holds 1. the account, 2. the HMAC password, 3. the KEY

- Authentication: compute (HMAC password + server time).md5 and compare it with the value received

Because there is a network delay by the time the server validates, it also needs to validate against the previous minute of the server's current time (or the server decides how large a time window to accept)

This verification method greatly increases the application's security. Even if some data is obtained, it must be cracked within the specified time; if it is not, the password will already be different in the next minute.
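A Python model of the registration and time-bound login flow above (an added example, not code from the livestream or from the original post; an iOS client would do the same hashing with CommonCrypto). The account name, password and timestamp are constructed; the server accepts the current minute and the previous one, as the text describes.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta

def hmac_md5(key: str, message: str) -> str:
    # HMAC-MD5 of the password under the per-account KEY: 32 hex characters.
    return hmac.new(key.encode(), message.encode(), hashlib.md5).hexdigest()

def login_token(hmac_pwd: str, server_time: datetime) -> str:
    # Client side: md5(HMAC password + server time truncated to the minute).
    minute = server_time.strftime("%Y-%m-%d %H:%M")
    return hashlib.md5((hmac_pwd + minute).encode()).hexdigest()

class Server:
    # Holds, per account, the KEY issued at registration and the HMAC password.
    def __init__(self):
        self.keys, self.hmac_pwds = {}, {}

    def issue_key(self, account: str) -> str:
        # Registration step 1: a unique random KEY for this account.
        self.keys[account] = secrets.token_hex(16)
        return self.keys[account]

    def store_hmac_password(self, account: str, hmac_pwd: str) -> None:
        # Registration step 2: only the HMAC, never the plaintext, is stored.
        self.hmac_pwds[account] = hmac_pwd

    def verify_login(self, account: str, token: str, now: datetime) -> bool:
        # Accept the current minute and the previous one to absorb delay.
        hmac_pwd = self.hmac_pwds.get(account)
        if hmac_pwd is None:
            return False
        return any(hmac.compare_digest(token, login_token(hmac_pwd, t))
                   for t in (now, now - timedelta(minutes=1)))

def demo() -> dict:
    server = Server()
    key = server.issue_key("alice")                # server -> client
    hmac_pwd = hmac_md5(key, "correct horse")      # computed on the device
    server.store_hmac_password("alice", hmac_pwd)  # client -> server
    t0 = datetime(2024, 1, 1, 12, 0, 30)           # constructed server time
    token = login_token(hmac_pwd, t0)
    later = lambda m: t0 + timedelta(minutes=m)
    return {
        "fresh": server.verify_login("alice", token, t0),
        "one_minute_later": server.verify_login("alice", token, later(1)),
        "two_minutes_later": server.verify_login("alice", token, later(2)),
        "token_changes_each_minute": token != login_token(hmac_pwd, later(1)),
    }
```

A token captured at 12:00 is still accepted at 12:01 (the grace window) but rejected at 12:02, which is the time bound the text relies on.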

2. Symmetric encryption: the traditional encryption method

- Plaintext -> encrypt with key -> Ciphertext

- Ciphertext -> decrypt with key -> Plaintext

3. Asymmetric encryption: the modern encryption method

- A public key and a private key

- Encrypt with the public key, decrypt with the private key

- Encrypt with the private key, decrypt with the public key



Origin http://43.154.161.224:23101/article/api/json?id=325770761&siteId=291194637