iOS development: network data security and encryption (MD5)
Submitting users' private data
Users' private data must be submitted with a POST request.
All parameters of the GET request are directly exposed in the URL.
The requested URL is generally recorded in the server access log.
Server access logs are one of the key targets of hacker attacks.
Users' private data
Login password
Bank account
... ...
Data security
Submitting users' private data with a POST request does not, on its own, completely solve the security problem.
Software such as Charles can set up a proxy server to intercept and view the request data sent by a mobile phone.
Therefore, do not submit users' private data in plain text. Encrypt the data before submitting it.
Common encryption algorithms
MD5, SHA, DES, 3DES, RC2 and RC4, RSA, IDEA, DSA, AES
Encryption Algorithm Selection
Companies generally have their own encryption scheme; encrypt the data as the company's interface documentation specifies.
MD5 Encryption
What is MD5?
Message Digest Algorithm 5 (the fifth version of the Message Digest Algorithm)
Effect: generates a unique 128-bit hash value (32 characters) for the input
MD5 features
Two different plaintext inputs do not produce the same output value.
The original plaintext cannot be recovered from the output value; that is, the process is irreversible.
MD5 Application
The MD5 encryption algorithm is widely used because it is secure and free of charge.
It is mainly used in digital signatures, file integrity verification, and password encryption.
MD5 decryption site: http://www.cmd5.com
MD5 Improvement
MD5 is no longer absolutely secure. To address this, we can modify how MD5 is applied slightly to make decryption more difficult.
Add salt: insert a random string at a fixed position in the plaintext, then compute the MD5.
Encrypt first, then reorder: compute the MD5 of the plaintext, then rearrange the characters of the resulting MD5 string.
... ...
In short, the objective is that even if hackers break into the database, they cannot recover the correct plaintext.
Network Data Encryption Solution
1> What to encrypt: private data, such as passwords and bank information
2> Encryption scheme
* Private data must be submitted using a POST request.
* Encrypt private data with an encryption algorithm, such as MD5.
3> Enhanced encryption: to increase the difficulty of cracking
* Perform MD5 twice: MD5(MD5($pass))
* Salt the plaintext first, then perform MD5: MD5($pass.$salt)
2. Encryption of local storage
1> What to encrypt: important data, such as game data
3. Code security issues
1> Tools and techniques now exist for decompiling source code: reverse engineering
* The decompiled files are all plain C, which is not very readable.
* At the very least, they reveal which frameworks the source code uses.
2> Reference book: iOS Reverse Engineering
3> Solution: obfuscate the code before release
* Before obfuscation
@interface HMPerson : NSObject
- (void)run;
- (void)eat;
@end
* After obfuscation
@interface A : NSObject
- (void)a;
- (void)b;
@end
MD5 encryption example
Import the encryption files
#import "ViewController.h"
#import "MBProgressHUD.h"
#import "NSString+Hash.h"

@interface ViewController ()
@property (weak, nonatomic) IBOutlet UITextField *username;
@property (weak, nonatomic) IBOutlet UITextField *pwd;
- (IBAction)login;
@end

@implementation ViewController

- (void)viewDidLoad {
    [super viewDidLoad];
    // Do any additional setup after loading the view, typically from a nib.
}

- (void)touchesBegan:(NSSet *)touches withEvent:(UIEvent *)event {
    [self.view endEditing:YES];
}

- (IBAction)login {
    // 1. Username
    NSString *usernameText = self.username.text;
    if (usernameText.length == 0) {
        [MBProgressHUD showError:@"enter username"];
        return;
    }

    // 2. Password
    NSString *pwdText = self.pwd.text;
    if (pwdText.length == 0) {
        [MBProgressHUD showError:@"Enter Password"];
        return;
    }

    // Show the loading mask
    [MBProgressHUD showMessage:@"logging in desperately...."];

    // 3. Send the username and password to the server (using the HTTP protocol)
    // Create a URL: the request path
    NSURL *url = [NSURL URLWithString:@"http://218.83.161.124:8080/job/login"];

    // Create a request
    NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];

    // Request timeout in seconds (60 s by default)
    request.timeoutInterval = 15;
    request.HTTPMethod = @"POST";

#warning Encrypt the password
    pwdText = [self MD5Reorder:pwdText];

    // Set the request body
    NSString *param = [NSString stringWithFormat:@"username=%@&pwd=%@", usernameText, pwdText];
    NSLog(@"%@", param);

    // NSString --> NSData
    request.HTTPBody = [param dataUsingEncoding:NSUTF8StringEncoding];

    // Set the request header information
    [request setValue:@"iPhone 6" forHTTPHeaderField:@"User-Agent"];

    // Send an asynchronous request
    // queue: the queue on which the completionHandler task runs (the main queue here)
    NSOperationQueue *queue = [NSOperationQueue mainQueue];
    [NSURLConnection sendAsynchronousRequest:request queue:queue completionHandler:^(NSURLResponse *response, NSData *data, NSError *connectionError) {
        // This block is called automatically when the request is complete
        // Hide the mask
        [MBProgressHUD hideHUD];

        if (connectionError || data == nil) {
            // A failed request generally ends up here
            [MBProgressHUD showError:@"request failed"];
            return;
        }

        // Parse the JSON data returned by the server
        NSDictionary *dict = [NSJSONSerialization JSONObjectWithData:data options:NSJSONReadingMutableLeaves error:nil];
        NSString *error = dict[@"error"];
        if (error) {
            [MBProgressHUD showError:error];
        } else {
            NSString *success = dict[@"success"];
            [MBProgressHUD showSuccess:success];
        }
    }];
}

/**
 *  MD5($pass.$salt)
 *
 *  @param text plaintext
 *
 *  @return encrypted ciphertext
 */
- (NSString *)MD5Salt:(NSString *)text {
    // Salt: add an arbitrary string to the plaintext (appended here)
    NSString *salt = [text stringByAppendingString:@"aaa"];
    return [salt md5String];
}

/**
 *  MD5(MD5($pass))
 *
 *  @param text plaintext
 *
 *  @return encrypted ciphertext
 */
- (NSString *)doubleMD5:(NSString *)text {
    return [[text md5String] md5String];
}

/**
 *  Encrypt first, then reorder
 *
 *  @param text plaintext
 *
 *  @return encrypted ciphertext
 */
- (NSString *)MD5Reorder:(NSString *)text {
    NSString *pwd = [text md5String];

    // encrypted pwd = 3f853778a951fd2cdf34dfd16504c5d8
    NSString *prefix = [pwd substringFromIndex:2];
    NSString *subfix = [pwd substringToIndex:2];

    // result = 853778a951fd2cdf34dfd16504c5d83f
    NSString *result = [prefix stringByAppendingString:subfix];

    NSLog(@"\ntext=%@\npwd=%@\nresult=%@", text, pwd, result);
    return result;
}

@end
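The salting step from "MD5 Improvement" and the MD5Salt method above, as an added example; it is not the original author's code and not the NSString+Hash implementation the page imports. MD5Hex is assumed to behave like md5String, RandomSalt and SaltedMD5 are hypothetical helper names, and the sample password is constructed. It contrasts the fixed salt @"aaa" with a random salt generated per user and stored next to the hash.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonDigest.h>
#import <Security/Security.h>

// Lower-case hex encoding of a byte buffer.
static NSString *Hex(const uint8_t *bytes, size_t len) {
    NSMutableString *hex = [NSMutableString stringWithCapacity:len * 2];
    for (size_t i = 0; i < len; i++) [hex appendFormat:@"%02x", bytes[i]];
    return hex;
}

// Assumed equivalent of the md5String category method: hex MD5 of the UTF-8 bytes.
// CC_MD5 has been marked deprecated since iOS 13, so this compiles with a warning.
static NSString *MD5Hex(NSString *text) {
    NSData *data = [text dataUsingEncoding:NSUTF8StringEncoding];
    uint8_t digest[CC_MD5_DIGEST_LENGTH];
    CC_MD5(data.bytes, (CC_LONG)data.length, digest);
    return Hex(digest, sizeof(digest));
}

// MD5($pass.$salt), the salted form used in the article.
static NSString *SaltedMD5(NSString *pass, NSString *salt) {
    return MD5Hex([pass stringByAppendingString:salt]);
}

// Hypothetical helper: a fresh 16-byte salt from the system CSPRNG, or nil on failure.
static NSString *RandomSalt(void) {
    uint8_t bytes[16];
    if (SecRandomCopyBytes(kSecRandomDefault, sizeof(bytes), bytes) != errSecSuccess) return nil;
    return Hex(bytes, sizeof(bytes));
}

int main(void) {
    @autoreleasepool {
        NSString *pass = @"123456"; // constructed sample: two users choose the same password
        // Fixed salt @"aaa": both users end up with the same stored value.
        BOOL fixedEqual = [SaltedMD5(pass, @"aaa") isEqualToString:SaltedMD5(pass, @"aaa")];
        // Per-user random salt, stored next to the hash: the stored values differ.
        NSString *saltA = RandomSalt(), *saltB = RandomSalt();
        if (!saltA || !saltB) return 1;
        NSString *storedA = SaltedMD5(pass, saltA), *storedB = SaltedMD5(pass, saltB);
        BOOL randomEqual = [storedA isEqualToString:storedB];
        // Verification recomputes the hash with the salt stored for that user.
        BOOL accepts = [SaltedMD5(@"123456", saltA) isEqualToString:storedA];
        BOOL rejects = ![SaltedMD5(@"12345", saltA) isEqualToString:storedA];
        NSLog(@"fixedEqual=%d randomEqual=%d accepts=%d rejects=%d",
              fixedEqual, randomEqual, accepts, rejects);
    }
    return 0;
}
```

On macOS this builds as a command-line tool with clang -fobjc-arc and the Foundation and Security frameworks linked.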