[Quick Start Series] Use MD5 encryption to encrypt passwords

Introduction

MD5 encryption

  • MD5 is the Message-Digest Algorithm 5 (the fifth version of the Message-Digest Algorithm).
  • An application's passwords are usually not saved in plain text; a variety of encryption algorithms are used to encrypt them.
  • The MD5 algorithm is relatively safe.
  • The original MD5 algorithm was implemented in C.
  • The Java version of the MD5 algorithm evolved from the C version.

Secure Access Authentication

When the user logs in, the system computes the MD5 hash of the password the user entered and compares it with the MD5 value stored in the file system to determine whether the entered password is correct. This prevents the user's password from being known by users with system administrator privileges.

MD5 maps a "byte string" of arbitrary length to a 128-bit integer, and it is difficult to deduce the original string from those 128 bits. In other words, even if you can see the source program and the algorithm description, you cannot convert an MD5 value back to the original string. Mathematically speaking, this is because there are infinitely many original strings, which is a bit like a mathematical function that has no inverse.

It is for this reason that one of the methods hackers use most to crack passwords is called "running the dictionary". There are two ways to obtain the dictionary: one is a collected list of strings commonly used as passwords, and the other is generated by permutation and combination. The MD5 value of each dictionary entry is computed first, and the target MD5 value is then looked up in this dictionary. Assume that the maximum password length is 8 bytes and that the password may contain only letters and digits, 26+26+10=62 characters in total. The number of entries in the dictionary is then P(62,1)+P(62,2)+…+P(62,8), which is already an astronomical number, and storing this dictionary requires a TB-level disk array. This method also has a precondition: it only works when the MD5 value of the target account's password can be obtained.

Usage

To use it, just call the MD5 utility class.

MD5 utility class

MD5Util.java

package com.r.utils;

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class MD5Util {

    /**
     * Computes the MD5 hash of a string as hex (lowercase letters + digits).
     *
     * @param source the string to hash
     * @return the 32-character hex MD5 digest, or null on failure
     */
    public static String getMD5(String source) {
        try {
            // Get a MessageDigest instance for MD5
            MessageDigest md = MessageDigest.getInstance("MD5");
            // Feed the input bytes; a fixed charset gives the same result on every platform
            md.update(source.getBytes(StandardCharsets.UTF_8));
            // digest() returns the 16-byte hash. BigInteger renders it as hex but drops
            // leading zeros, so pad the result to the full 32 hex characters.
            return String.format("%032x", new BigInteger(1, md.digest()));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Computes the MD5 hash of a string as hex (uppercase letters + digits).
     *
     * @param source the string to hash
     * @return the 32-character hex MD5 digest, or null on failure
     */
    public static String toMD5(String source) {
        char[] hexDigits = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
        try {
            byte[] btInput = source.getBytes(StandardCharsets.UTF_8);
            // Get a MessageDigest instance for the MD5 digest algorithm
            MessageDigest mdInst = MessageDigest.getInstance("MD5");
            // Update the digest with the input bytes
            mdInst.update(btInput);
            // Compute the digest (16 bytes)
            byte[] md = mdInst.digest();
            // Convert the digest to its hexadecimal string form, two characters per byte
            int j = md.length;
            char[] str = new char[j * 2];
            int k = 0;
            for (int i = 0; i < j; i++) {
                byte byte0 = md[i];
                str[k++] = hexDigits[byte0 >>> 4 & 0xf];
                str[k++] = hexDigits[byte0 & 0xf];
            }
            return new String(str);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }
}

Test class

MD5Test.java

package com.r.utils;

public class MD5Test {

    public static void main(String[] args) {
        // Set a password
        String password = "123456";
        String pwd = MD5Util.toMD5(password);
        System.out.println("MD5加密格式(大写+数字):" + pwd);
        System.out.println("MD5加密格式(小写+数字):" + MD5Util.getMD5(password));

        // Simulate the MD5-hashed password stored in the backend database
        String pwd_database = MD5Util.toMD5("123456");
        // Simulate the password entered by the user on the front end
        String pwd_input = "123456";
        // Hash the input and print whether it matches the stored value
        System.out.println("前端用户输入和后端数据库MD5加密比对:" + MD5Util.toMD5(pwd_input).equals(pwd_database));
    }

}


Application

It can be seen that when the plaintext password is the same, the encrypted result is also the same. The encrypted value can therefore be saved in the backend, and the plaintext password entered by the user can be encrypted with MD5 and compared with the value in the backend database as a simple form of password protection.

Origin blog.csdn.net/weixin_55452293/article/details/127920764