MD5 encryption with salt

I. Overview

  MD5 (Message Digest Algorithm 5) is a hashing algorithm. It is irreversible: there is no decryption algorithm that recovers the original text from an MD5 digest.

  A typical project has login and registration functions. In the simplest form, the registration and login flow uses no encryption and passwords are stored in the database in clear text (Table I). This is insecure storage, and if the data leaks the consequences are serious. So the password is hashed with MD5 before it is stored in the database (Table II); at login, the back end hashes the password received from the front end and compares it with the hashed password already in the database.

  However, a plain hash algorithm is fixed, so it is easy to crack and offers little security; as far as I know, there are many sites that can break the cipher text directly. To improve security, you can add a salt: generate a random string, store it in the database, mix it into the original password, hash the result with the algorithm, and store that in the database (Table III).

                            

 

  Table I

  Table II

  Table III

 

  For the underlying principles of the MD5 algorithm, refer to this blog post: https://blog.csdn.net/sinat_27933301/article/details/79538169

II. Code implementation

  Java has many ways to compute MD5; here Spring's DigestUtils.md5DigestAsHex() is used.

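import java.nio.charset.StandardCharsets;
import org.springframework.util.DigestUtils;

public class MD5Util {
    // Returns the MD5 digest of the input as a lowercase hex string.
    public String passwordEncryptor(String password){
        return DigestUtils.md5DigestAsHex(password.getBytes(StandardCharsets.UTF_8));
    }
}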

  Take the user name the user entered on the front end, look up that user's salt in the database, and mix the salt into the password the user entered; here I simply append the salt to the end of the password.

// A lot of code is omitted, including the database lookup code
String username = request.getParameter("username");
String password = request.getParameter("password");
// Look up the salt stored for this user
String salt = impUserService.findSalt(username);
// Hash password + salt and match it against the stored digest
String mdPassword = md5Util.passwordEncryptor(password + salt);
User user = impUserService.find(username, mdPassword);
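The registration and login sides of the salting scheme described above, as an added example that is not the original post's code. It uses only the JDK (Java 17+ for HexFormat); the class SaltedMd5Demo, its methods, the in-memory USERS map standing in for the database, and the sample accounts are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.Map;

public class SaltedMd5Demo {
    // Hypothetical in-memory stand-in for the user table: username -> {salt, digest}.
    static final Map<String, String[]> USERS = new HashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    static String md5Hex(String s) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }

    // Registration: a fresh random salt per user, stored next to the digest.
    static void register(String username, String password) throws NoSuchAlgorithmException {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String salt = HexFormat.of().formatHex(raw);
        USERS.put(username, new String[] { salt, md5Hex(password + salt) });
    }

    // Login: look up the salt, recompute md5(password + salt), compare in constant time.
    static boolean login(String username, String password) throws NoSuchAlgorithmException {
        String[] row = USERS.get(username);
        if (row == null) return false;
        byte[] expected = row[1].getBytes(StandardCharsets.US_ASCII);
        byte[] actual = md5Hex(password + row[0]).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        register("alice", "123456"); // constructed sample accounts with the same password
        register("bob", "123456");
        // Per-user salts make the two stored digests differ, so one lookup no longer breaks both.
        System.out.println("same digest: " + USERS.get("alice")[1].equals(USERS.get("bob")[1]));
        System.out.println("correct password: " + login("alice", "123456"));
        System.out.println("wrong password:   " + login("alice", "12345"));
    }
}
```

MD5 is used here only to match the post; for new systems a deliberately slow password hash such as PBKDF2 (in the JDK as PBKDF2WithHmacSHA256) is the usual choice, with the salt handled the same way.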

III. Other questions

  When a user logs in, does the front end need to encrypt the password with JS before submitting it?

  Personally, I think it should not be needed. You may feel that if the password is transmitted in clear text from the front end to the back end, it is very dangerous if someone intercepts it in transit. But since they can get it, the front-end encryption algorithm is also exposed, so it feels like wasted effort. Of course, this is just my personal opinion; if anyone knows better or has other ideas, please tell me, ha ha ha.

Origin www.cnblogs.com/lyuzt/p/11892725.html