A simple md5 and salt encryption method (to prevent rainbow tables from hitting the database)
Md5 encryption (or digest algorithm) is not explained if you are familiar with it.
Currently, many database designs prefer to use one-way encryption to save the password. After the password is re-encrypted during verification, the ciphertext is compared.
/// <Summary> use MD5 encryption /// </summary> /// <param name = "input"> encrypted string </param> /// <remarks> 2015.08.26 </remarks> public static Guid ToMD5 (string input) {using (var md5Provider = new MD5CryptoServiceProvider () {var bytes = Encoding. UTF8.GetBytes (input); var hash = md5Provider. computeHash (bytes); var count = hash. length; hash [0] = (byte) (hash [3] + (hash [3] = hash [0]) * 0 ); // exchange hash [1] = (byte) (hash [2] + (hash [2] = hash [1]) * 0 ); // exchange hash [5] = (byte) (hash [4] + (hash [4] = hash [5]) * 0 ); // Exchange Values of hash [7] = (byte) (hash [6] + (hash [6] = hash [7]) * 0 ); // exchange the value of 6, 7, return new Guid (hash );}}
This design was initially designed to prevent hackers from getting the user's password directly after being exposed to the database. Because it is a one-way encryption, even if you know the encryption algorithm, you cannot get the actual password.
However, after the appearance of the rainbow table, the pure md5 is not safe.
The following is an excerpt from Baidu Encyclopedia:
A rainbow table is a pre-computed table used to encrypt Hash Functions and perform inverse operations. It is often used to crack encrypted hash. Generally, the mainstream rainbow tables are larger than GB. Search tables are often used to encrypt passwords that contain limited characters and fixed characters. This is a typical practice of changing the space for time. We use less computing power and more storage space in brute-force cracking that is computed every time, however, it uses less storage space and more computing performance than simply querying a hash table with one input. Using the KDF function with salt can make this attack difficult.
Simply put, attackers encrypt a simple password (such as 123456,111111 and 888888) with md5 in advance to obtain the ciphertext (such as 123456-> e10adc3949ba59abbe56e057f20f883e ), use the data in this table to compare the ciphertext of the violent database.
With this simple md5, it is easy to win
So then there were two md5...... N md5 times. Of course, this is also true ......
So then there was salt encryption,
Simply put: for example, if the login name is blqw and the password is 123456, the database's ciphertext is md5 (123456 + blqw). This ensures that even if the user's password is the same, the ciphertext is different, in this way, the rainbow table will be closed.
There are many ways to add salt, one is md5 (password + login name), this method is generally possible
However, after the login name is modified, the ciphertext must be modified, but you do not know what the original password is .... (although the common login name cannot be modified, who knows the idea of product manager .....)
Or someone chooses to create one more field to store the obfuscation code, but it is still very troublesome.
Now let's talk about the theme of today, a simple method of adding salt.
Public static Guid ToRandomMD5 (string input) {using (var md5Provider = new MD5CryptoServiceProvider () {// gets a random number less than 256, used as "salt" var salt = (byte) math. abs (new object (). getHashCode () % 256); input + = salt; var bytes = Encoding. UTF8.GetBytes (input); var hash = md5Provider. computeHash (bytes); hash [0] = salt; return new Guid (hash) ;}} public static bool extends srandommd5 (string input, Guid rmd5) {var ar R = rmd5.ToByteArray (); // obtain the salt var salt = arr [0]; using (var md5Provider = new MD5CryptoServiceProvider () {input + = salt; var bytes = Encoding. UTF8.GetBytes (input); var hash = md5Provider. computeHash (bytes); for (int I = 1; I <16; I ++) {if (hash [I]! = Arr [I]) {return false ;}} return true ;}}
Simply put, you can put the salt in the ciphertext to get a 16-Length byte after md5 hash, And the byte can save 0 ~ An integer of 255, so in this example, the random salt is 0 ~ Number of 255
Then md5 (plaintext + salt) is used to save the salt to the byte [0] location.
In this way, the ciphertext after each hash is different, but the ciphertext can still be compared directly. Here, we will discuss the issue, and we can add another one if 255 is not enough.
Of course, it can also be directly placed in 1 ~ 15 on the index
Of course, you can obtain 0 ~ 14 and then put it in ....