Implement MD5 encrypted login password in Javascript + Java

The customer said that the password for my *** system login was transmitted in plain text. I am not familiar with HTTPS, so I use MD5 encryption, although it cannot be guaranteed, but it is much better than plain text transmission.

Let's talk about the general process: When the login JSP page is opened, a random string is generated and placed in the session so that it can be obtained in the background. When the customer enters the user name and password and clicks "Log on", they get the password and random string, splice them together, and use js to generate the MD5 string. Then, use js to change the value of the password to an MD5 string, and then submit the form.

The backend obtains the random string, user name, and MD5 string, queries the password from the database using the user name, And Concatenates the password and random string to generate the MD5 string, use the generated MD5 string to match the MD5 string passed from the front-end. If they are consistent, the verification is passed.

---------------------------- Foreground -------------------------------------

Random Number generated on the JSP page:

<% String pagename = pagecontext. getrequest (). getparameter ("pagename"); pagename = stringutils. filterunsafechars (pagename); // a filtering operation in the business system. You can skip this step and generate a random number to generate md5request together with the password. getsession (). setattribute ("md5randomkey", stringutils. getrandomnum (10); %>

The following function is called when the form is submit:

function encryptionPassword(){               var hash = MD5($("user_password").value+"${md5RandomKey}");       $("user_password").value = hash;      } 

Md5.js is as follows:

/* * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message * Digest Algorithm, as defined in RFC 1321. * Copyright (C) Paul Johnston 1999 - 2000. * Updated by Greg Holt 2000 - 2001. * See http://pajhome.org.uk/site/legal.html for details. */var hex_chr = "0123456789abcdef";function rhex(num) {str = "";for (j = 0; j <= 3; j++) {str += hex_chr.charAt((num >> (j * 8 + 4)) & 15) + hex_chr.charAt((num >> (j * 8)) & 15);}return str;}function str2blks_MD5(str) {nblk = ((str.length + 8) >> 6) + 1;blks = new Array(nblk * 16);for (i = 0; i < nblk * 16; i++) {blks[i] = 0;}for (i = 0; i < str.length; i++) {blks[i >> 2] |= str.charCodeAt(i) << ((i % 4) * 8);}blks[i >> 2] |= 128 << ((i % 4) * 8);blks[nblk * 16 - 2] = str.length * 8;return blks;}function add(x, y) {var lsw = (x & 65535) + (y & 65535);var msw = (x >> 16) + (y >> 16) + (lsw >> 16);return (msw << 16) | (lsw & 65535);}function rol(num, cnt) {return (num << cnt) | (num >>> (32 - cnt));}function cmn(q, a, b, x, s, t) {return add(rol(add(add(a, q), add(x, t)), s), b);}function ff(a, b, c, d, x, s, t) {return cmn((b & c) | ((~b) & d), a, b, x, s, t);}function gg(a, b, c, d, x, s, t) {return cmn((b & d) | (c & (~d)), a, b, x, s, t);}function hh(a, b, c, d, x, s, t) {return cmn(b ^ c ^ d, a, b, x, s, t);}function ii(a, b, c, d, x, s, t) {return cmn(c ^ (b | (~d)), a, b, x, s, t);}function MD5(str) {x = str2blks_MD5(str);var a = 1732584193;var b = -271733879;var c = -1732584194;var d = 271733878;for (i = 0; i < x.length; i += 16) {var olda = a;var oldb = b;var oldc = c;var oldd = d;a = ff(a, b, c, d, x[i + 0], 7, -680876936);d = ff(d, a, b, c, x[i + 1], 12, -389564586);c = ff(c, d, a, b, x[i + 2], 17, 606105819);b = ff(b, c, d, a, x[i + 3], 22, -1044525330);a = ff(a, b, c, d, x[i + 4], 7, -176418897);d = ff(d, a, b, c, x[i + 5], 12, 1200080426);c = ff(c, d, a, b, x[i + 6], 17, -1473231341);b = ff(b, c, d, a, x[i + 7], 22, -45705983);a = ff(a, b, c, d, x[i + 8], 7, 1770035416);d = ff(d, a, b, c, x[i + 9], 12, -1958414417);c = ff(c, d, a, b, x[i + 10], 17, -42063);b = ff(b, c, d, a, x[i + 11], 22, -1990404162);a = ff(a, b, c, d, x[i + 12], 7, 1804603682);d = ff(d, a, b, c, x[i + 13], 12, -40341101);c = ff(c, d, a, b, x[i + 14], 17, -1502002290);b = ff(b, c, d, a, x[i + 15], 22, 1236535329);a = gg(a, b, c, d, x[i + 1], 5, -165796510);d = gg(d, a, b, c, x[i + 6], 9, -1069501632);c = gg(c, d, a, b, x[i + 11], 14, 643717713);b = gg(b, c, d, a, x[i + 0], 20, -373897302);a = gg(a, b, c, d, x[i + 5], 5, -701558691);d = gg(d, a, b, c, x[i + 10], 9, 38016083);c = gg(c, d, a, b, x[i + 15], 14, -660478335);b = gg(b, c, d, a, x[i + 4], 20, -405537848);a = gg(a, b, c, d, x[i + 9], 5, 568446438);d = gg(d, a, b, c, x[i + 14], 9, -1019803690);c = gg(c, d, a, b, x[i + 3], 14, -187363961);b = gg(b, c, d, a, x[i + 8], 20, 1163531501);a = gg(a, b, c, d, x[i + 13], 5, -1444681467);d = gg(d, a, b, c, x[i + 2], 9, -51403784);c = gg(c, d, a, b, x[i + 7], 14, 1735328473);b = gg(b, c, d, a, x[i + 12], 20, -1926607734);a = hh(a, b, c, d, x[i + 5], 4, -378558);d = hh(d, a, b, c, x[i + 8], 11, -2022574463);c = hh(c, d, a, b, x[i + 11], 16, 1839030562);b = hh(b, c, d, a, x[i + 14], 23, -35309556);a = hh(a, b, c, d, x[i + 1], 4, -1530992060);d = hh(d, a, b, c, x[i + 4], 11, 1272893353);c = hh(c, d, a, b, x[i + 7], 16, -155497632);b = hh(b, c, d, a, x[i + 10], 23, -1094730640);a = hh(a, b, c, d, x[i + 13], 4, 681279174);d = hh(d, a, b, c, x[i + 0], 11, -358537222);c = hh(c, d, a, b, x[i + 3], 16, -722521979);b = hh(b, c, d, a, x[i + 6], 23, 76029189);a = hh(a, b, c, d, x[i + 9], 4, -640364487);d = hh(d, a, b, c, x[i + 12], 11, -421815835);c = hh(c, d, a, b, x[i + 15], 16, 530742520);b = hh(b, c, d, a, x[i + 2], 23, -995338651);a = ii(a, b, c, d, x[i + 0], 6, -198630844);d = ii(d, a, b, c, x[i + 7], 10, 1126891415);c = ii(c, d, a, b, x[i + 14], 15, -1416354905);b = ii(b, c, d, a, x[i + 5], 21, -57434055);a = ii(a, b, c, d, x[i + 12], 6, 1700485571);d = ii(d, a, b, c, x[i + 3], 10, -1894986606);c = ii(c, d, a, b, x[i + 10], 15, -1051523);b = ii(b, c, d, a, x[i + 1], 21, -2054922799);a = ii(a, b, c, d, x[i + 8], 6, 1873313359);d = ii(d, a, b, c, x[i + 15], 10, -30611744);c = ii(c, d, a, b, x[i + 6], 15, -1560198380);b = ii(b, c, d, a, x[i + 13], 21, 1309151649);a = ii(a, b, c, d, x[i + 4], 6, -145523070);d = ii(d, a, b, c, x[i + 11], 10, -1120210379);c = ii(c, d, a, b, x[i + 2], 15, 718787259);b = ii(b, c, d, a, x[i + 9], 21, -343485551);a = add(a, olda);b = add(b, oldb);c = add(c, oldc);d = add(d, oldd);}return rhex(a) + rhex(b) + rhex(c) + rhex(d);}

------------------------- Background ----------------------------------

Get a random string:

String md5RandomKey = (String)request.getSession().getAttribute("md5RandomKey");

Get password (MD5 string ):

String md5Password = request.getParameter("user_password");

Then, the user name is used to query the password of the user in the database. If the user does not exist, an error is prompted in advance.

Obtain the Database Password and generate the MD5 string together with the above random string (md5randomkey:

String md5Password_real = StringUtils.getMD5Str(attendant.getPassword()+md5RandomKey,null);

Finally, compare the md5password_real and md5password. If they are consistent, the verification is passed.

The following are the two functions used in stringutils in the code above:

1: obtain a random string:

Private Static final string allchar = "0123456789 abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz";/*** get random string of any bit (0-9 A-Z A-Z) * @ Param size: * @ return */public static final string getrandomnum (INT size) {stringbuffer sb = new stringbuffer (); random = new random (); for (INT I = 0; I <size; I ++) {sb. append (allchar. charat (random. nextint (allchar. length ();} return sb. tostring ();}

2: generate an MD5 string:

/*** MD5 encryption (ITS) * @ Param Str * @ Param charset * @ return */Public synchronized static final string getmd5str (string STR, string charset) {// MD5 encrypted messagedigest = NULL; try {messagedigest = messagedigest. getinstance ("MD5"); messagedigest. reset (); If (charset = NULL) {messagedigest. update (Str. getbytes ();} else {messagedigest. update (Str. getbytes (charset);} catch (nosuchalgorithmexception e) {log. error ("MD5 error:" + E. getmessage (), e);} catch (unsupportedencodingexception e) {log. error ("MD5 error:" + E. getmessage (), e);} byte [] bytearray = messagedigest. digest (); stringbuffer md5strbuff = new stringbuffer (); For (INT I = 0; I <bytearray. length; I ++) {If (integer. tohexstring (0xff & bytearray [I]). length () = 1) md5strbuff. append ("0 "). append (integer. tohexstring (0xff & bytearray [I]); else md5strbuff. append (integer. tohexstring (0xff & bytearray [I]);} return md5strbuff. tostring ();}

The above The messagedigest package is:Java. Security. messagedigest