MD5 's full name is Message-digest algorithm 5 (Information-Digest algorithm), in the early 90 by MIT Laboratory for Computer Science and RSA Data Security Inc Ronald L. Riv EST developed, through the development of MD2, MD3 and MD4. Its role is to allow bulk information to be "compressed" into a confidential format before signing a private key with a digital signature software (that is, converting an arbitrary-length byte string into a long, large integer). Whether it's MD2, MD4, or MD5, they all need to get a random length of information and generate a 128-bit message digest.
The cryptographic hash function maps a binary string of any length to a small, fixed-length binary string. The cryptographic hash function has a property that is unlikely to find two different inputs for the same value as the hash column, meaning that the hashes of the two sets of data match only when the corresponding data matches. A small number of changes to the data produce unpredictable changes in the hash value. So it's hard to find clues from the encrypted text.
The full name of SHA1 is secure Hash algorithm (Secure Hash Algorithm)
The hash value of the MD5 algorithm is 128 bits. The hash value of the SHA1 algorithm is 160 bits. Both of these algorithms are irreversible.
Although Professor Xiao of Shandong University of China made a report on decoding MD5, HAVAL-128, MD4 and RIPEMD algorithms at the International Cryptography Conference (Crypto ' 2004) on August 17, 2004 in Santa Barbara, Calif., the results of the MD Series algorithm were revealed. Proclaimed the world's impregnable code standard MD5 fortress collapsed, triggering a controversy in the academic field of cryptography. But I think this encryption security is enough for us to do normal software.
We usually use the most is to encrypt the user password, the encrypted password stored in the database, when the password comparison, the user entered the password to encrypt, and then compared with the ciphertext in the database. As for how the cryptographic algorithm is implemented in the ASP, we don't need to worry about it.
Here are some of the encryption methods in ASP. There are two encryption algorithms, that is, the above mentioned MD5 and SHA1, here I give an example of MD5, for example, SHA1 roughly the same, just use a different class.
MD5 Related classes:
System.Security.Cryptography.MD5
System.Security.Cryptography.MD5CryptoServiceProvider ()
System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile (strsource, "MD5") |
SHA1 Related classes:
System.Security.Cryptography.SHA1
System.Security.Cryptography.SHA1CryptoServiceProvider ()
System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile (strsource, "SHA1") |
The method is as follows: (with VS2005)
1/**////<summary> 2///Method One: Create an object by using the new operator 3//</summary> 4//<param name= "strsource" > plaintext required for encryption </param> 5//<returns> returns 16-bit encryption result, which takes the 9th bit of 32-bit encryption results to 25 bits </returns> 6 public string Get_md5_method1 (string strsource) 7 { 8//new 9 System.Security.Cryptography.MD5 MD5 = new System.Security.Cryptography.MD5CryptoServiceProvider (); 10 11//Get an array of secret text sections byte[] Bytresult = Md5.computehash (System.Text.Encoding.Default.GetBytes (strsource)); 13 14//Convert to String, and take 9 to 25 bits String strresult = Bitconverter.tostring (Bytresult, 4, 8); 16//Convert to string, 32 bit //string strresult = bitconverter.tostring (Bytresult); 18 The string converted by//bitconverter will produce a delimiter in the middle of each character and need to be removed strresult = Strresult.replace ("-", "" "); return strresult; 22} 23 /**////<summary> 25///Method Two: Create an object that implements a particular cryptographic algorithm by invoking the Create method on the abstract class of a particular cryptographic algorithm. </summary> +//<param name= "strsource" > plaintext required for encryption </param> ///<returns> return 32-bit encryption results </returns> public string Get_md5_method2 (string strsource) 30 { String strresult = ""; 32 //create System.Security.Cryptography.MD5 MD5 = System.Security.Cryptography.MD5.Create (); 35 36//Note the selection of encoding UTF8, UTF7, Unicode, etc. PNS byte[] Bytresult = Md5.computehash (System.Text.Encoding.UTF8.GetBytes (strsource)); 38 An array of type 39//byte is converted to a string (int i = 0; i < bytresult.length; i++) 41 { 42//16 Binary Conversion strresult = Strresult + bytresult[i]. ToString ("X"); 44} Strresult return; 46} 47 /**////<summary> 49///Method Three: Direct use of hashpasswordforstoringinconfigfile generation </summary> Wuyi///<param Name= "strsource" > plaintext required for encryption </param> //<returns> return 32-bit encryption results </returns> Get_md5_method3 public String (string strsource) 54 { System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile return (strsource, "MD5"); 56} |
These cryptographic functions are performed on the server side, that is, when the user enters the password, the user's password is not protected from the client to the server side, and is dangerous. The bank's approach is to install the ActiveX control on the client and encrypt and send some important information on the client. This I will not pull, I would like to learn to learn to do this ActiveX control.
Original address: http://www.ratuo.com/websitezt/net/20652.html
Asp. Several methods of MD5 and SHA1 encryption in net