Analysis of PHP user password encryption algorithm

The common encryption algorithms can be divided into three kinds, symmetric encryption algorithm, asymmetric encryption algorithm and hash algorithm.

Symmetric encryption

Encrypt and decrypt encryption algorithms that use the same key. The advantages of symmetric encryption algorithms are the high speed of decryption and the difficulty of cracking when using long keys. Assuming that two users need to encrypt and then exchange data using a symmetric encryption method, the user needs at least 2 keys and is exchanged, and if there are N in the enterprise, the entire enterprise needs NX (n-1) keys, and the generation and distribution of the keys will become the nightmare of the Enterprise Information Department. The security of the symmetric encryption algorithm depends on the storage of the encryption key, but it is impossible for everyone in the enterprise to keep a secret, and they usually leak the key out-if a user uses a key that is obtained by the intruder, the intruder can read all the documents encrypted by the user key. If a single encryption key is shared across the enterprise, the confidentiality of the entire enterprise document will not be discussed.

Common symmetric cryptographic algorithms: DES, 3DES, DESX, Blowfish, Idea, RC4, RC5, RC6, and AES

This article mainly introduces the PHP user password encryption algorithm, the detailed analysis of the principle of discuz encryption algorithm, and combined with the example of the implementation of the. NET algorithm summarizes the PHP user encryption process and implementation method, the need for friends can refer to the next

Discuz password encryption algorithm is actually two times MD5 encryption, first encrypted with plaintext, then randomly generate a salt, and then add a salt after the first cipher as plaintext and then once again MD5 encryption. The salt is saved in the Uc_members table and can be obtained by user name.

Like this:

MD5 (MD5 (Clear text) +salt)

The following is the implementation code for. NET:

String getdiscuzpwstring (String sourcestr, string salt) {   return Getmd5hash (string. Concat (Getmd5hash (SOURCESTR), salt));} String Getmd5hash (String input) {  MD5 md5hasher = MD5. Create ();  byte[] data = Md5hasher.computehash (Encoding.Default.GetBytes (input));  StringBuilder Sbuilder = new StringBuilder ();  for (int i = 0; i < data. Length; i++)  {    sbuilder.append (Data[i]. ToString ("X2"));  }  return sbuilder.tostring ();}

Summarize the password to determine the way:

① to install UC

② Open the database Find uc_members This table, look for the last field "salt", copy the value inside

③ Pseudo Code:

$s =MD5 (MD5 ("password"). " The value of the Salt field "); Echo $s;

④ Using if judgment

⑤ say it again! That's a random 6-digit number!