Big Brother talks about information security knowledge in Java interviews (MD5)
Introduction to and use of the MD5 encryption algorithm in Java
Introduction to the MD5 algorithm
Characteristics
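1. Compression: for data of any length, the computed MD5 value has a fixed length.
2. Easy to compute: it is easy to compute the MD5 value from the original data.
3. Resistance to modification: any change to the original data, even a change to just 1 byte, produces a very different MD5 value.
4. Strong collision resistance: given the original data and its MD5 value, it is very difficult to find other data with the same MD5 value (that is, forged data).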
Use
1. It can be used to encrypt user passwords
2. It can be used to verify the consistency of application installation packages
Simple use of MD5
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class MessageDigestUtil {
    public static String encryptMD5(byte[] data) throws NoSuchAlgorithmException {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        md5.update(data); // data is the information to be encrypted, as a byte array
        byte[] resultBytes = md5.digest(); // the byte array produced by the MD5 encryption
        String resultString = resultBytes.toString();
        return resultString;
    }
}
Having written this, we want to see what the MD5 encryption actually produces, so write a main function similar to the following:
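import java.nio.charset.StandardCharsets;

public class Main {
    public static final String DATA = "hwaphon";

    /**
     * @param args
     * @throws Exception
     */
    public static void main(String[] args) throws Exception {
        // An explicit charset keeps the input bytes the same on every platform
        String result = MessageDigestUtil.encryptMD5(DATA.getBytes(StandardCharsets.UTF_8));
        System.out.println(result);
    }
}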
Run the program; the output is as follows:
[B@<hash code>
This is not the MD5 format we normally see. We usually see MD5 values in hexadecimal, but what we have now is a byte array, so we need to convert it to hexadecimal. How do we convert it?
public class Helper {
    public static String bytesToHexString(byte[] src) {
        StringBuilder stringBuilder = new StringBuilder("");
        if (src == null || src.length <= 0) {
            return null;
        }
        for (int i = 0; i < src.length; i++) {
            int v = src[i] & 0xFF;
            String hv = Integer.toHexString(v);
            // Pad single-digit values so every byte yields two characters
            if (hv.length() < 2) {
                stringBuilder.append(0);
            }
            stringBuilder.append(hv);
        }
        return stringBuilder.toString();
    }
}
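Why convert it this way? Each hexadecimal character represents 4 binary bits, and a byte is 8 bits, so each byte is converted into two hexadecimal characters. You may also have questions about the line int v = src[i] & 0xFF;. In Java a byte is signed, so src[i] & 0xFF widens it to an int in the range 0 to 255; without the mask, a negative byte would come out of Integer.toHexString as eight hex digits starting with ffffff.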
With the conversion method written, replace the line String resultString = resultBytes.toString(); in encryptMD5 with
String resultString = Helper.bytesToHexString(resultBytes);
Run the program again; the output is 0dcd7314898e812f223ad0c61bc8a903, which now looks right.
What is the use of turning it into this form? Think about it: when we write a client program, can the user's login be sent in clear text? If it is, then anyone who intercepts the data stream during login sees our customers' data laid bare. So for security reasons, we can apply MD5 encryption to both the user name and the password. Note that the MD5 algorithm is irreversible: even if the MD5-encrypted data is intercepted, the original data cannot be restored from it.
Verifying consistency
When we download a program's installation package, the program may have been illegally tampered with. How can we determine that the program we downloaded has not been tampered with? For some programs, the official site gives the MD5 value alongside the download, so how do we verify what we downloaded? Below we take the Sogou Pinyin installation package as an example and get its MD5 value:
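// Add to MessageDigestUtil; requires java.io.File, java.io.FileInputStream
// and java.security.DigestInputStream in addition to the earlier imports.
public static String getMD5OfFile(String path) throws Exception {
    // try-with-resources closes the file even if reading fails
    try (FileInputStream stream = new FileInputStream(new File(path));
         DigestInputStream digestInputStream =
                 new DigestInputStream(stream, MessageDigest.getInstance("MD5"))) {
        byte[] buffer = new byte[1024];
        // Reading through the DigestInputStream feeds every byte into the digest
        int read = digestInputStream.read(buffer, 0, 1024);
        while (read != -1) {
            read = digestInputStream.read(buffer, 0, 1024);
        }
        MessageDigest dis = digestInputStream.getMessageDigest();
        byte[] resultBytes = dis.digest();
        String resultString = Helper.bytesToHexString(resultBytes);
        return resultString;
    }
}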
Test it.
public class Main {
    public static final String PATH = "sogoupinyin_2.0.0.0078_amd64.deb";

    /**
     * @param args
     * @throws Exception
     */
    public static void main(String[] args) throws Exception {
        String result = MessageDigestUtil.getMD5OfFile(PATH);
        System.out.println(result);
    }
}
Output results
0a4e81d7a9cae7e8597371b1fa3674aa
If the official site also provides an MD5 value with the download, I can now compare the two: if they match exactly, the program I downloaded has not been illegally tampered with; if they are not the same, then ....
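The comparison described in the last paragraph, as an added example that is not code from the original page: it digests the downloaded file, decodes the published value and compares the two with MessageDigest.isEqual. The class and method names (DigestVerifier, digestOf, parseHex, matches) and the sample file are made up for illustration, and because the algorithm name is a parameter it goes beyond the page's MD5 case to any digest the JDK provides, such as SHA-256.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestVerifier { // illustrative names, not from the page
    // Streams the file through the named algorithm: "MD5" as on this page, or e.g. "SHA-256".
    static byte[] digestOf(Path file, String algorithm) throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        try (InputStream in = Files.newInputStream(file)) {
            byte[] buffer = new byte[8192];
            for (int n; (n = in.read(buffer)) != -1; ) {
                md.update(buffer, 0, n);
            }
        }
        return md.digest();
    }

    // Decodes a published hex digest, tolerating surrounding whitespace and upper case.
    static byte[] parseHex(String hex) {
        String s = hex.trim();
        if (s.length() % 2 != 0) throw new IllegalArgumentException("odd-length hex digest");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(s.charAt(2 * i), 16);
            int lo = Character.digit(s.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("non-hex character in digest");
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    // True only on an exact match; isEqual also returns false when the lengths differ.
    static boolean matches(Path file, String algorithm, String publishedHex) throws IOException, NoSuchAlgorithmException {
        return MessageDigest.isEqual(digestOf(file, algorithm), parseHex(publishedHex));
    }

    public static void main(String[] args) throws Exception {
        Path pkg = Files.createTempFile("package", ".deb"); // constructed stand-in for the download
        Files.write(pkg, "abc".getBytes(StandardCharsets.US_ASCII));
        String published = " 900150983CD24FB0D6963F7D28E17F72\n"; // MD5("abc"), RFC 1321 test suite
        System.out.println("untouched: " + matches(pkg, "MD5", published));
        Files.write(pkg, "abd".getBytes(StandardCharsets.US_ASCII)); // one byte changed
        System.out.println("modified:  " + matches(pkg, "MD5", published));
        Files.delete(pkg);
    }
}
```

Decoding the published value to bytes, rather than comparing strings, means differences in letter case or stray whitespace on the download page do not cause a false mismatch.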