iOS development-network data security encryption (MD5)
Last Update:2015-05-08
Source: Internet
Author: User
<span id="Label3"></p>Submit User's Privacy Data<p><p>Be sure to use the POST request to submit the User's privacy data<br>All parameters of the GET request are exposed directly to the URL<br>The requested URL is typically recorded in the Server's access log<br>Server access logs are one of the key objects of hacker attacks</p></p><p><p>User's Privacy Data<br>Login Password<br>Account<br>... ...</p></p>Data security<p><p>Simply submitting a User's privacy data with a POST request is still not a complete solution to the security issue<br>You can use software (such as charles) to set up a proxy server to intercept request data for viewing your phone<br>Therefore: when submitting the User's privacy data, must not be explicitly submitted, to encrypt processing and then submit</p></p><p><p>Common cryptographic algorithms</p></p><pre class="prettyprint"><pre class="prettyprint"><code class=" hljs tex"><span class="hljs-command">\ </span><span class="hljs-command">\ </span><span class="hljs-command">\ </span><span class="hljs-command">\ </span><span class="hljs-command">\ </span><span class="hljs-command">\ </span><span class="hljs-command">\ </span><span class="hljs-command">\ </span>AES</code></pre></pre><p><p>Selection of cryptographic algorithms<br>General companies will have a set of their own encryption scheme, according to the requirements of the company interface documents to encrypt</p></p>MD5 encryption<p><p>What is MD5<br>Full name is message Digest algorithm 5, translated as "message Digest algorithm 5th edition"<br>Effect: generates a unique 128-bit hash value (32 characters) for the input information</p></p><p><p>Features of MD5<br>Input two different plaintext does not get the same output value<br>According to the output value, the original plaintext cannot be obtained, i.e. its process is irreversible</p></p><p><p>Application of MD5<br>Because the MD5 encryption algorithm has good security, and free, so the encryption algorithm is widely used<br>Mainly used in digital signature, file integrity verification and password encryption and other aspects</p></p><p><p>MD5 decryption Website: http://www.cmd5.com</p></p>MD5 improvements<p><p>Now the MD5 is no longer absolutely safe, in this, can be slightly improved MD5 to increase the difficulty of decryption<br>Add salt: Insert a random string in the fixed position of the plaintext before MD5<br>First encryption, after the Chaos sequence: first MD5 the plaintext, and then the encryption of the MD5 string of characters to disorderly order<br>... ...<br>In short, the purpose is: hackers even if the database is compromised, can not decrypt the correct plaintext</p></p>Network Data Encryption Scheme<p>1> encrypted objects: privacy data, such as passwords, bank information<br>2> Encryption Scheme<br>* Submit privacy data, must use POST request<br>* Encrypt private data using cryptographic algorithms, such as MD5<br>3> encryption enhancement: in order to increase the difficulty of the crack<br>* 2 md5:md5 for clear text (MD5 (<span class="MathJax_Preview"><span class="MathJax_Preview"></span></span><span style="" aria-readonly="true" role="textbox" id="MathJax-Element-24-Frame" class="MathJax"> <nobr> <span style="width: 21.017em; display: inline-block;" id="MathJax-Span-1128" class="math"><span style="display: inline-block; position: relative; width: 16.8em; height: 0px; font-size: 125%;"><span style="position: absolute; clip: rect(1.6em, 1000em, 2.925em, -0.555em); top: -2.56em; left: 0em;"><span id="MathJax-Span-1129" class="mrow"><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1130" class="mi"><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1130" class="mi">P</span></span><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1131" class="mi"><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1131" class="mi">a</span></span><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1132" class="mi"><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1132" class="mi">s</span></span><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1133" class="mi"><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1133" class="mi">s</span></span><span style="font-family: STIXGeneral;" id="MathJax-Span-1134" class="mo"><span style="font-family: STIXGeneral;" id="MathJax-Span-1134" class="mo">)</span></span><span style="font-family: STIXGeneral;" id="MathJax-Span-1135" class="mo"><span style="font-family: STIXGeneral;" id="MathJax-Span-1135" class="mo">)</span></span><span style="font-family: STIXGeneral; padding-left: 0.25em;" id="MathJax-Span-1136" class="mo"><span style="font-family: STIXGeneral; padding-left: 0.25em;" id="MathJax-Span-1136" class="mo">?</span></span><span style="padding-left: 0.25em;" id="MathJax-Span-1137" class="texatom"><span style="padding-left: 0.25em;" id="MathJax-Span-1137" class="texatom"><span id="MathJax-Span-1138" class="mrow"><span id="MathJax-Span-1139" class="mo"><span style="font-family: STIXGeneral,"Arial Unicode MS",serif; font-size: 80%; font-style: normal; font-weight: normal;">First</span></span></span></span></span><span id="MathJax-Span-1140" class="texatom"><span id="MathJax-Span-1140" class="texatom"><span id="MathJax-Span-1141" class="mrow"><span id="MathJax-Span-1142" class="mo"><span style="font-family: STIXGeneral,"Arial Unicode MS",serif; font-size: 80%; font-style: normal; font-weight: normal;">the</span></span></span></span></span><span id="MathJax-Span-1143" class="texatom"><span id="MathJax-Span-1143" class="texatom"><span id="MathJax-Span-1144" class="mrow"><span id="MathJax-Span-1145" class="mo"><span style="font-family: STIXGeneral,"Arial Unicode MS",serif; font-size: 80%; font-style: normal; font-weight: normal;">Ming</span></span></span></span></span><span id="MathJax-Span-1146" class="texatom"><span id="MathJax-Span-1146" class="texatom"><span id="MathJax-Span-1147" class="mrow"><span id="MathJax-Span-1148" class="mo"><span style="font-family: STIXGeneral,"Arial Unicode MS",serif; font-size: 80%; font-style: normal; font-weight: normal;">text</span></span></span></span></span><span id="MathJax-Span-1149" class="texatom"><span id="MathJax-Span-1149" class="texatom"><span id="MathJax-Span-1150" class="mrow"><span id="MathJax-Span-1151" class="mo"><span style="font-family: STIXGeneral,"Arial Unicode MS",serif; font-size: 80%; font-style: normal; font-weight: normal;">Isaac</span></span></span></span></span><span id="MathJax-Span-1152" class="texatom"><span id="MathJax-Span-1152" class="texatom"><span id="MathJax-Span-1153" class="mrow"><span id="MathJax-Span-1154" class="mo"><span style="font-family: STIXGeneral,"Arial Unicode MS",serif; font-size: 80%; font-style: normal; font-weight: normal;">Salt</span></span></span></span></span><span id="MathJax-Span-1155" class="texatom"><span id="MathJax-Span-1155" class="texatom"><span id="MathJax-Span-1156" class="mrow"><span id="MathJax-Span-1157" class="mo"><span style="font-family: STIXGeneral,"Arial Unicode MS",serif; font-size: 80%; font-style: normal; font-weight: normal;">,</span></span></span></span></span><span id="MathJax-Span-1158" class="texatom"><span id="MathJax-Span-1158" class="texatom"><span id="MathJax-Span-1159" class="mrow"><span id="MathJax-Span-1160" class="mo"><span style="font-family: STIXGeneral,"Arial Unicode MS",serif; font-size: 80%; font-style: normal; font-weight: normal;">again</span></span></span></span></span><span id="MathJax-Span-1161" class="texatom"><span id="MathJax-Span-1161" class="texatom"><span id="MathJax-Span-1162" class="mrow"><span id="MathJax-Span-1163" class="mo"><span style="font-family: STIXGeneral,"Arial Unicode MS",serif; font-size: 80%; font-style: normal; font-weight: normal;">into</span></span></span></span></span><span id="MathJax-Span-1164" class="texatom"><span id="MathJax-Span-1164" class="texatom"><span id="MathJax-Span-1165" class="mrow"><span id="MathJax-Span-1166" class="mo"><span style="font-family: STIXGeneral,"Arial Unicode MS",serif; font-size: 80%; font-style: normal; font-weight: normal;">Line</span></span></span></span></span><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1167" class="mi"><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1167" class="mi">M <span style="display: inline-block; overflow: hidden; height: 1px; width: 0.039em;"></span> </span></span><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1168" class="mi"><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1168" class="mi">D</span></span><span style="font-family: STIXGeneral;" id="MathJax-Span-1169" class="mn"><span style="font-family: STIXGeneral;" id="MathJax-Span-1169" class="mn">5</span></span><span id="MathJax-Span-1170" class="texatom"><span id="MathJax-Span-1170" class="texatom"><span id="MathJax-Span-1171" class="mrow"><span id="MathJax-Span-1172" class="mo"><span style="font-family: STIXGeneral,"Arial Unicode MS",serif; font-size: 80%; font-style: normal; font-weight: normal;">:</span></span></span></span></span><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1173" class="mi"><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1173" class="mi">M <span style="display: inline-block; overflow: hidden; height: 1px; width: 0.039em;"></span> </span></span><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1174" class="mi"><span style="font-family: STIXGeneral; font-style: italic;" id="MathJax-Span-1174" class="mi">D</span></span><span style="font-family: STIXGeneral;" id="MathJax-Span-1175" class="mn"><span style="font-family: STIXGeneral;" id="MathJax-Span-1175" class="mn">5</span></span><span style="font-family: STIXGeneral;" id="MathJax-Span-1176" class="mo"><span style="font-family: STIXGeneral;" id="MathJax-Span-1176" class="mo">(</span></span></span><span style="display: inline-block; width: 0px; height: 2.56em;"><span style="display: inline-block; width: 0px; height: 2.56em;"></span></span></span></span><span style="border-left: 0em solid; display: inline-block; overflow: hidden; width: 0px; height: 1.39em; vertical-align: -0.323em;"><span style="border-left: 0em solid; display: inline-block; overflow: hidden; width: 0px; height: 1.39em; vertical-align: -0.323em;"></span></span></span> </nobr></span>Pass. $salt)</p><p><p>2. Local Storage encryption<br>1> encrypted objects: important data, such as game data</p></p><p><p>3. Code Security issues<br>1> now has tools and techniques to decompile source Code: reverse Engineering<br>* The anti-compilation is pure C language, the readability is not high<br>* At the very least, you can know which frames are used in the source Code.</p></p><p><p>2> reference Book: "reverse Engineering of ios"</p></p><p><p>3> solution: confusing code before publishing<br>* Before confusing</p></p><pre class="prettyprint"><pre class="prettyprint"><code class=" hljs objectivec"><span class="hljs-class"><span class="hljs-keyword">@interface</span> <span class="hljs-title">HMPerson</span> :<span class="hljs-title">NSObject</span></span>- (<span class="hljs-keyword">void</span>)run;- (<span class="hljs-keyword">void</span>)eat;<span class="hljs-keyword">@end</span></code></pre></pre> <ul> <ul> <li>After confusion</li> </ul> </ul><pre class="prettyprint"><pre class="prettyprint"><code class=" hljs objectivec"><span class="hljs-class"><span class="hljs-keyword">@interface</span> <span class="hljs-title">A</span> :<span class="hljs-title">NSObject</span></span>- (<span class="hljs-keyword">void</span>)a;- (<span class="hljs-keyword">void</span>)b;<span class="hljs-keyword">@end</span></code></pre></pre>MD5 Encryption Instance<p><p><strong>Import encrypted Files</strong><br></p></p><pre class="prettyprint"><code class=" hljs objectivec"><span class="hljs-preprocessor"><span class="hljs-preprocessor">#import <span class="hljs-title">"ViewController.h"</span> </span></span><span class="hljs-preprocessor"><span class="hljs-preprocessor">#import <span class="hljs-title">"MBProgressHUD.h"</span> </span></span><span class="hljs-preprocessor"><span class="hljs-preprocessor">#import <span class="hljs-title">"nsstring+hash.h"</span> </span></span><span class="hljs-class"><span class="hljs-class"> <span class="hljs-keyword">@interface</span> <span class="hljs-title">viewcontroller</span> ()</span></span><span class="hljs-keyword"><span class="hljs-keyword">@property</span></span>(<span class="hljs-keyword"><span class="hljs-keyword">Weak</span></span>,<span class="hljs-keyword"><span class="hljs-keyword">nonatomic</span></span>)<span class="hljs-keyword"><span class="hljs-keyword">Iboutlet</span></span>Uitextfield *username;<span class="hljs-keyword"><span class="hljs-keyword">@property</span></span>(<span class="hljs-keyword"><span class="hljs-keyword">Weak</span></span>,<span class="hljs-keyword"><span class="hljs-keyword">nonatomic</span></span>)<span class="hljs-keyword"><span class="hljs-keyword">Iboutlet</span></span>Uitextfield *pwd;-(<span class="hljs-keyword"><span class="hljs-keyword">ibaction</span></span>) login;<span class="hljs-keyword"><span class="hljs-keyword">@end</span></span><span class="hljs-class"><span class="hljs-class"> <span class="hljs-keyword">@implementation</span> <span class="hljs-title">viewcontroller</span> </span></span>- (<span class="hljs-keyword"><span class="hljs-keyword">void</span></span>) viewdidload{[<span class="hljs-keyword"><span class="hljs-keyword">Super</span></span>viewdidload];<span class="hljs-comment"><span class="hljs-comment">additional setup after loading the view, typically from a nib.</span></span>}- (<span class="hljs-keyword"><span class="hljs-keyword">void</span></span>) touchesbegan: (nsset *) touches withevent: (uievent *) event{[<span class="hljs-keyword"><span class="hljs-keyword"></span> self</span><span class="hljs-variable"><span class="hljs-variable">. View</span></span>Endediting:<span class="hljs-literal"><span class="hljs-literal">YES</span></span>];} - (<span class="hljs-keyword"><span class="hljs-keyword">ibaction</span></span>) Login {<span class="hljs-comment"><span class="hljs-comment">//1. User Name</span></span> <span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*usernametext =<span class="hljs-keyword"><span class="hljs-keyword"></span> self</span><span class="hljs-variable"><span class="hljs-variable">. Username</span></span><span class="hljs-variable"><span class="hljs-variable">. Text</span></span>;<span class="hljs-keyword"><span class="hljs-keyword">if</span></span>(usernametext<span class="hljs-variable"><span class="hljs-variable">. Length</span></span>==<span class="hljs-number"><span class="hljs-number">0</span></span>) {[mbprogresshud showerror:@<span class="hljs-string"><span class="hljs-string">"please Enter User name"</span></span>];<span class="hljs-keyword"><span class="hljs-keyword">return</span></span>; }<span class="hljs-comment"><span class="hljs-comment">//2. Password</span></span> <span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*pwdtext =<span class="hljs-keyword"><span class="hljs-keyword"></span> self</span><span class="hljs-variable"><span class="hljs-variable">. PWD</span></span><span class="hljs-variable"><span class="hljs-variable">. Text</span></span>;<span class="hljs-keyword"><span class="hljs-keyword">if</span></span>(pwdtext<span class="hljs-variable"><span class="hljs-variable">. Length</span></span>==<span class="hljs-number"><span class="hljs-number">0</span></span>) {[mbprogresshud showerror:@<span class="hljs-string"><span class="hljs-string">"please Enter your password"</span></span>];<span class="hljs-keyword"><span class="hljs-keyword">return</span></span>; }<span class="hljs-comment"><span class="hljs-comment">//add Mask</span></span>[mbprogresshud showmessage:@<span class="hljs-string"><span class="hljs-string">"trying to log in ..."</span></span>];<span class="hljs-comment"><span class="hljs-comment">//3. Send the user name and password to the server (take the HTTP protocol)</span></span> <span class="hljs-comment"><span class="hljs-comment">//create a url: request path</span></span> <span class="hljs-built_in"><span class="hljs-built_in">Nsurl</span></span>*url = [<span class="hljs-built_in"><span class="hljs-built_in">Nsurl</span></span>urlwithstring:@<span class="hljs-string"><span class="hljs-string">"http://218.83.161.124:8080/job/login"</span></span>];<span class="hljs-comment"><span class="hljs-comment">//create a request</span></span>Nsmutableurlrequest *request = [nsmutableurlrequest requestwithurl:url];<span class="hljs-comment"><span class="hljs-comment">//5 seconds after count request Timeout (default 60s Timeout)</span></span>Request<span class="hljs-variable"><span class="hljs-variable">. timeOutInterval</span></span>=<span class="hljs-number"><span class="hljs-number"></span> the</span>; Request<span class="hljs-variable"><span class="hljs-variable">. HttpMethod</span></span>= @<span class="hljs-string"><span class="hljs-string">"POST"</span></span>;<span class="hljs-preprocessor"><span class="hljs-preprocessor">#warning Encrypt the Pwdtext</span></span>Pwdtext = [<span class="hljs-keyword"><span class="hljs-keyword"></span> self</span>md5reorder:pwdtext];<span class="hljs-comment"><span class="hljs-comment">//set the request body</span></span> <span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*param = [<span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>stringwithformat:@<span class="hljs-string"><span class="hljs-string">"username=%@&pwd=%@"</span></span>, usernametext, pwdtext];<span class="hljs-built_in"><span class="hljs-built_in">NSLog</span></span>(@<span class="hljs-string"><span class="hljs-string">"%@"</span></span>, param);<span class="hljs-comment"><span class="hljs-comment">//nsstring-nsdata</span></span>Request<span class="hljs-variable"><span class="hljs-variable">. Httpbody</span></span>= [param datausingencoding:nsutf8stringencoding];<span class="hljs-comment"><span class="hljs-comment">//set request header information</span></span>[request setvalue:@<span class="hljs-string"><span class="hljs-string">"iPhone 6"</span></span>forhttpheaderfield:@<span class="hljs-string"><span class="hljs-string">"user-agent"</span></span>];<span class="hljs-comment"><span class="hljs-comment">//send A sync request (send a request on the main thread)</span></span> <span class="hljs-comment"><span class="hljs-comment">//queue: Store Completionhandler this task</span></span>Nsoperationqueue *queue = [nsoperationqueue mainqueue]; [<span class="hljs-built_in"><span class="hljs-built_in">nsurlconnection</span></span>Sendasynchronousrequest:request queue:queue completionhandler: ^ (nsurlresponse *response, NSData *data,<span class="hljs-built_in"><span class="hljs-built_in">Nserror</span></span>*connectionerror) {<span class="hljs-comment"><span class="hljs-comment">//hide Masks</span></span>[mbprogresshud hidehud];<span class="hljs-comment"><span class="hljs-comment">//this block will be automatically called when the request is complete</span></span> <span class="hljs-keyword"><span class="hljs-keyword">if</span></span>(connectionerror | | data = =<span class="hljs-literal"><span class="hljs-literal">Nil</span></span>) {<span class="hljs-comment"><span class="hljs-comment">//general Request timed out will come here</span></span>[mbprogresshud showerror:@<span class="hljs-string"><span class="hljs-string">"request failed"</span></span>];<span class="hljs-keyword"><span class="hljs-keyword">return</span></span>; }<span class="hljs-comment"><span class="hljs-comment">//parse The JSON data returned by the server</span></span> <span class="hljs-built_in"><span class="hljs-built_in">nsdictionary</span></span>*dict = [nsjsonserialization Jsonobjectwithdata:data options:nsjsonreadingmutableleaves error:<span class="hljs-literal"><span class="hljs-literal">Nil</span></span>];<span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*error = dict[@<span class="hljs-string"><span class="hljs-string">"error"</span></span>];<span class="hljs-keyword"><span class="hljs-keyword">if</span></span>(error) {[mbprogresshud showerror:error]; }<span class="hljs-keyword"><span class="hljs-keyword">Else</span></span>{<span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*success = dict[@<span class="hljs-string"><span class="hljs-string">"success"</span></span>]; [mbprogresshud showsuccess:success]; } }];}<span class="hljs-comment"><span class="hljs-comment">/** * MD5 ($pass. $salt) * * @param text plaintext * * @return ciphertext after encryption */</span></span>- (<span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*) Md5salt: (<span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*) text{<span class="hljs-comment"><span class="hljs-comment">//sprinkle salt: Randomly insert any string into the clear text</span></span> <span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*salt = [text stringbyappendingstring:@<span class="hljs-string"><span class="hljs-string">"aaa"</span></span>];<span class="hljs-keyword"><span class="hljs-keyword">return</span></span>[salt md5string];}<span class="hljs-comment"><span class="hljs-comment">/** * MD5 (MD5 ($PASS)) * * @param text plaintext * * @return encrypted ciphertext</span> */</span>- (<span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*) DoubleMD5: (<span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*) text{<span class="hljs-keyword"><span class="hljs-keyword">return</span></span>[[text md5string] md5string];}<span class="hljs-comment"><span class="hljs-comment">/** * Encrypt first, post-order * * @param text plaintext * * @return encrypted ciphertext</span> */</span>- (<span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*) Md5reorder: (<span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*) text{<span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*pwd = [text md5string];<span class="hljs-comment"><span class="hljs-comment">//after encrypting pwd = = 3f853778a951fd2cdf34dfd16504c5d8</span></span> <span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*prefix = [pwd substringfromindex:<span class="hljs-number"><span class="hljs-number">2</span></span>];<span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*subfix = [pwd substringtoindex:<span class="hljs-number"><span class="hljs-number">2</span></span>];<span class="hljs-comment"><span class="hljs-comment">//post-order result = = 853778a951fd2cdf34dfd16504c5d83f</span></span> <span class="hljs-built_in"><span class="hljs-built_in">NSString</span></span>*result = [prefix stringbyappendingstring:subfix];<span class="hljs-built_in"><span class="hljs-built_in">NSLog</span></span>(@<span class="hljs-string"><span class="hljs-string">"\ntext=%@\npwd=%@\nresult=%@"</span></span>, text, pwd, result);<span class="hljs-keyword"><span class="hljs-keyword">return</span></span>result;}<span class="hljs-keyword"><span class="hljs-keyword">@end</span></span></code></pre> <p><p>iOS development-network data security encryption (MD5)</p></p></span>