Table of contents
Scenarios for using the message digest algorithm:
Typical characteristics of a message digest algorithm:
The Principle of Algorithm Irreversibility
How to keep your password safe
Scenarios for using the message digest algorithm:
Typical characteristics of a message digest algorithm:
- same message, same digest
- No matter how long the message is, the length of the digest is fixed (same algorithm)
- the message is different, the digest will hardly be the same
Common digest algorithms are:
-MD series: MD2(128bit), MD4(128bits), MD5(128bit)
-SHA family: SHA-1 (160bit), SHA-256 (256bit), SHA-384 (bit), SHA-512 (512bit)
1bit, that is, 1-digit binary system, and its possible results are -0, 1 (2 kinds of results, that is, 2 to the power of 1)
2bit, that is, 2-digit binary system, and its possible results are -00, 01, 10, 11 (4 kinds of results, that is, the second power of 2)
3bit, that is, 3-digit binary system, and its possible result bits are -000,001,010,011,100,101,110,111 (8 kinds of results, that is, the third power of 2)
...
Taking MD5 as an example, its operation result is composed of 128 binary numbers, so the types of operation results of the MD5 algorithm are 2 to the 128th power, which are usually converted into hexadecimal numbers to represent, which is 16 of 32 bits in length. base number
The Principle of Algorithm Irreversibility
Since the message algorithm will lose part of the data during the operation process, the message algorithm is irreversible, that is, the plaintext cannot be cracked through the ciphertext
How to keep your password safe
Why do security issues arise?
On the Internet, there are some platforms that record simple plaintext and ciphertext correspondence databases to achieve the effect of "querying the original text based on the ciphertext". However, as we mentioned earlier, taking MD5 as an example, the types of calculation results that can be generated are 2 to the 128th power, so these platforms cannot exhaustively enumerate all the corresponding relationships, and can only record a small part (simple plaintext). Therefore, as long as the original text is complex enough, it is almost impossible to query it on these platforms
Taking this platform as an example, the platform records 90 trillion records. What is the concept? If our password consists of numbers and letters, there are 26*2+10 result types of the one-digit password, that is, 62 types. As long as there are only 8 digits, the result types can easily reach the number of 90 trillion. If characters are added, The results will be even larger, so we cannot exhaustively enumerate all the corresponding relationships, but only record a small part (simple plaintext)
How to ensure the complexity of the original text: (The following three types can be used in combination)
- Require users to use stronger original passwords
- Require longer passwords
- Require more variety in the types of characters contained in passwords
- Add salt (salt): that is, add a string to the password entered by the user
- Theoretically, the more complicated the salt value, the better, but there is no need to be overly complicated
- There is no regulation on the specific use of the salt value. In principle, as long as the calculated data can be complicated
- Cyclic encryption
- Use the ciphertext obtained by the first operation as the original text, and perform the second operation, and so on for many times
- Use a longer message digest algorithm
public class DigestTest{
public static void main(String[] args) {
String rawPassword = "Java_1956"; //明文
String salt = "helloword"; //盐值
String encodedPassword = DigestUtils //密文
.md5DigestAsHex((salt + rawPassword + salt).getBytes());
for(int i=0;i<5;i++){ //将密文循环加密
encodedPassword = DigestUtils
.md5DigestAsHex(encodedPassword.getBytes());
}
System.println.out("原始密码="+rawPassword+",MD5运算结果="+encodedPassword)
//输出结果为:原始密码=Java_1956,MD5运算结果=b440d2c2bafe262b0006ed0eec8a0544
}
}