iOS development-network data security encryption (MD5)

Last Update:2015-05-08 Source: Internet

Author: User

Tags md5 encryption

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Submit User's Privacy DataBe sure to use the POST request to submit the User's privacy data All parameters of the GET request are exposed directly to the URL The requested URL is typically recorded in the Server's access log Server access logs are one of the key objects of hacker attacksUser's Privacy Data Login Password Account ... ...Data securitySimply submitting a User's privacy data with a POST request is still not a complete solution to the security issue You can use software (such as charles) to set up a proxy server to intercept request data for viewing your phone Therefore: when submitting the User's privacy data, must not be explicitly submitted, to encrypt processing and then submitCommon cryptographic algorithms<pre class="prettyprint"><pre class="prettyprint"><code class=" hljs tex">\ \ \ \ \ \ \ \ AES</code></pre></pre>Selection of cryptographic algorithms General companies will have a set of their own encryption scheme, according to the requirements of the company interface documents to encryptMD5 encryptionWhat is MD5 Full name is message Digest algorithm 5, translated as "message Digest algorithm 5th edition" Effect: generates a unique 128-bit hash value (32 characters) for the input informationFeatures of MD5 Input two different plaintext does not get the same output value According to the output value, the original plaintext cannot be obtained, i.e. its process is irreversibleApplication of MD5 Because the MD5 encryption algorithm has good security, and free, so the encryption algorithm is widely used Mainly used in digital signature, file integrity verification and password encryption and other aspectsMD5 decryption Website: http://www.cmd5.comMD5 improvementsNow the MD5 is no longer absolutely safe, in this, can be slightly improved MD5 to increase the difficulty of decryption Add salt: Insert a random string in the fixed position of the plaintext before MD5 First encryption, after the Chaos sequence: first MD5 the plaintext, and then the encryption of the MD5 string of characters to disorderly order ... ... In short, the purpose is: hackers even if the database is compromised, can not decrypt the correct plaintextNetwork Data Encryption Scheme1> encrypted objects: privacy data, such as passwords, bank information 2> Encryption Scheme * Submit privacy data, must use POST request * Encrypt private data using cryptographic algorithms, such as MD5 3> encryption enhancement: in order to increase the difficulty of the crack * 2 md5:md5 for clear text (MD5 ( Pass))?FirsttheMingtextIsaacSalt,againintoLineM D5:M D5( Pass. $salt)2. Local Storage encryption 1> encrypted objects: important data, such as game data3. Code Security issues 1> now has tools and techniques to decompile source Code: reverse Engineering * The anti-compilation is pure C language, the readability is not high * At the very least, you can know which frames are used in the source Code.2> reference Book: "reverse Engineering of ios"3> solution: confusing code before publishing * Before confusing<pre class="prettyprint"><pre class="prettyprint"><code class=" hljs objectivec">@interface HMPerson :NSObject- (void)run;- (void)eat;@end</code></pre></pre> <ul> <ul> <li>After confusion</li> </ul> </ul><pre class="prettyprint"><pre class="prettyprint"><code class=" hljs objectivec">@interface A :NSObject- (void)a;- (void)b;@end</code></pre></pre>MD5 Encryption InstanceImport encrypted Files <pre class="prettyprint"><code class=" hljs objectivec">#import "ViewController.h" #import "MBProgressHUD.h" #import "nsstring+hash.h" @interface viewcontroller ()@property(Weak,nonatomic)IboutletUitextfield *username;@property(Weak,nonatomic)IboutletUitextfield *pwd;-(ibaction) login;@end @implementation viewcontroller - (void) viewdidload{[Superviewdidload];additional setup after loading the view, typically from a nib.}- (void) touchesbegan: (nsset *) touches withevent: (uievent *) event{[ self. ViewEndediting:YES];} - (ibaction) Login {//1. User Name NSString*usernametext = self. Username. Text;if(usernametext. Length==0) {[mbprogresshud showerror:@"please Enter User name"];return; }//2. Password NSString*pwdtext = self. PWD. Text;if(pwdtext. Length==0) {[mbprogresshud showerror:@"please Enter your password"];return; }//add Mask[mbprogresshud showmessage:@"trying to log in ..."];//3. Send the user name and password to the server (take the HTTP protocol) //create a url: request path Nsurl*url = [Nsurlurlwithstring:@"http://218.83.161.124:8080/job/login"];//create a requestNsmutableurlrequest *request = [nsmutableurlrequest requestwithurl:url];//5 seconds after count request Timeout (default 60s Timeout)Request. timeOutInterval= the; Request. HttpMethod= @"POST";#warning Encrypt the PwdtextPwdtext = [ selfmd5reorder:pwdtext];//set the request body NSString*param = [NSStringstringwithformat:@"username=%@&pwd=%@", usernametext, pwdtext];NSLog(@"%@", param);//nsstring-nsdataRequest. Httpbody= [param datausingencoding:nsutf8stringencoding];//set request header information[request setvalue:@"iPhone 6"forhttpheaderfield:@"user-agent"];//send A sync request (send a request on the main thread) //queue: Store Completionhandler this taskNsoperationqueue *queue = [nsoperationqueue mainqueue]; [nsurlconnectionSendasynchronousrequest:request queue:queue completionhandler: ^ (nsurlresponse *response, NSData *data,Nserror*connectionerror) {//hide Masks[mbprogresshud hidehud];//this block will be automatically called when the request is complete if(connectionerror | | data = =Nil) {//general Request timed out will come here[mbprogresshud showerror:@"request failed"];return; }//parse The JSON data returned by the server nsdictionary*dict = [nsjsonserialization Jsonobjectwithdata:data options:nsjsonreadingmutableleaves error:Nil];NSString*error = dict[@"error"];if(error) {[mbprogresshud showerror:error]; }Else{NSString*success = dict[@"success"]; [mbprogresshud showsuccess:success]; } }];}/** * MD5 ($pass. $salt) * * @param text plaintext * * @return ciphertext after encryption */- (NSString*) Md5salt: (NSString*) text{//sprinkle salt: Randomly insert any string into the clear text NSString*salt = [text stringbyappendingstring:@"aaa"];return[salt md5string];}/** * MD5 (MD5 ($PASS)) * * @param text plaintext * * @return encrypted ciphertext */- (NSString*) DoubleMD5: (NSString*) text{return[[text md5string] md5string];}/** * Encrypt first, post-order * * @param text plaintext * * @return encrypted ciphertext */- (NSString*) Md5reorder: (NSString*) text{NSString*pwd = [text md5string];//after encrypting pwd = = 3f853778a951fd2cdf34dfd16504c5d8 NSString*prefix = [pwd substringfromindex:2];NSString*subfix = [pwd substringtoindex:2];//post-order result = = 853778a951fd2cdf34dfd16504c5d83f NSString*result = [prefix stringbyappendingstring:subfix];NSLog(@"\ntext=%@\npwd=%@\nresult=%@", text, pwd, result);returnresult;}@end</code></pre> iOS development-network data security encryption (MD5)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More