Scenario : The requirement is to encrypt the password when logging in, and the user is not allowed to capture the user's login password parameters in the browser F12 and packet capture tools like Fiddler
Solutions and ideas : use md5 encryption
用户注册时将加密后的密码发送给后端存储
当登陆的时候,再将加密后的密码和数据库中加密的密码相匹配。
此加密无须解密Introduction to md5
md5加密
MD5(单项散列算法)的全称是Message-Digest Algorithm 5(信息-摘要算法),经MD2、MD3和MD4发展而来。
MD5功能:
输入任意长度的信息,经过处理,输出32位的信息;
不同的输入得到的不同的结果(唯一性)
根据32位的输入结果不可能反推出输入的信息(不可逆)
The front end uses md5 encryption
安装:
npm install js-md5 -D
在页面中使用:
import md5 from “js-md5”
代码:
// 加盐
let salt='cvdf-yyds*123.cv987@'
this.loginForm.Password = md5(salt+ this.loginForm.Password );
Add salt encryption:
加盐加密是一种对系统登录口令的加密方式,它实现的方式是将每一个口令同一个叫做”盐“(salt)的n位随机数相关联In the process of trying to crack it by myself, I found that the simple password md5 encryption can be cracked, which will cause the encryption to fail, so use salt (salt) encryption
The password + salt are encrypted together to form a ciphertext, so that even if the password is a weak password, the combination is a complex password.
Since the password after adding the salt value is quite safe, even if the salt and the final ciphertext are obtained, cracking it is a process that takes quite a lot of time, which can be said to be several times that of cracking simple MD5