A simple explanation
1. Description
When developing an application, the security of the data is critical, and simply submitting the user's privacy data with a POST request is still not a complete solution to the security issue.
Such as: You can use software (such as Charles) to set up a proxy server to intercept the request data to view the phone
"Blue and white porcelain" software
Therefore: When submitting the user's privacy data, must not be explicitly submitted, to encrypt processing and then submit
2. Common cryptographic algorithms
MD5 \ SHA \ DES \ 3DES \ RC2 and RC4 \ RSA \ idea \ DSA \ AES
3. Selection of cryptographic algorithms
General companies will have a set of their own encryption scheme, according to the requirements of the company interface documents to encrypt
Second, MD5
1. Brief description
MD5: Full name is message Digest algorithm 5, translated as "Message Digest algorithm 5th Edition"
Effect: Generates a unique 128-bit hash value (32 characters) for the input information
Features of 2.MD5
(1) input two different plaintext will not get the same output value
(2) According to the output value, the original plaintext cannot be obtained, that is, its process is irreversible
Application of 3.MD5
Because the MD5 encryption algorithm has good security, and free, so the encryption algorithm is widely used
Mainly used in digital signature, file integrity verification and password encryption and other aspects
4.MD5 hack
MD5 Decryption Website: http://www.cmd5.com
5.MD5 improvements
Now the MD5 is no longer absolutely safe, in this, can be slightly improved MD5 to increase the difficulty of decryption
Add Salt: Insert a random string in the fixed position of the plaintext before MD5
First encryption, after the chaos sequence: first MD5 the plaintext, and then the encryption of the MD5 string of characters to disorderly order
In short, the purpose is: hackers even if the database is compromised, can not decrypt the correct plaintext
code example:
1 #import "HMViewController.h"
2 #import "NSString+Hash.h"
Three
4 #define Salt @"fsdhjkfhjksdhjkfjhkd546783765"
Five
6 @interface HMViewController ()
Seven
8 @end
Nine
10 @implementation HMViewController
Eleven
12 - (void)viewDidLoad
13 {
14 [super viewDidLoad];
Fifteen
16 [self digest:@"123"]; //
17 [self digest:@"abc"];
18 [self digest:@"456"];
19}
Twenty
21 / * *
22 * encrypt directly with MD5
23 * /
24 - (NSString *)digest:(NSString *)str
25 {
26 NSString *anwen = [str md5String];
27 NSLog(@"%@ - %@", str, anwen);
28 return anwen;
29}
Thirty
31 / * *
32 * salt
33 * /
34 - (NSString *)digest2:(NSString *)str
35 {
36 str = [str stringByAppendingString:Salt];
Thirty-seven
38 NSString *anwen = [str md5String];
39 NSLog(@"%@ - %@", str, anwen);
40 return anwen;
41}
Forty-two
43 / * *
44 * multiple MD5
45 * /
46 - (NSString *)digest3:(NSString *)str
47 {
48 NSString *anwen = [str md5String];
Forty-nine
50 anwen = [anwen md5String];
Fifty-one
52 NSLog(@"%@ - %@", str, anwen);
53 return anwen;
54}
Fifty-five
56 / * *
57 * encrypt first, then shuffle
58 * /
59 - (NSString *)digest4:(NSString *)str
60 {
61 NSString *anwen = [str md5String];
Sixty-two
63 / / registration: 123 ---- 2cb962ac59075b964b07152d234b7020
Sixty-four
65 / / login: 123 --- 202cb962ac59075b964b07152d234b70
Sixty-six
67 NSString *header = [anwen substringToIndex:2];
68 NSString *footer = [anwen substringFromIndex:2];
69 anwen = [footer stringByAppendingString:header];
Seventy
71 NSLog(@"%@ - %@", str, anwen);
72 return anwen;
73}
74 @end
(1) Direct use of MD5 encryption (to MD5 decryption site can be cracked)
(2) using salt (after decryption by MD5, it is easy to find the law)
(3) Multiple MD5 encryption (after using MD5 decryption, found or ciphertext, then MD5 decryption)
(4) First encryption, after the disorderly sequence (crack difficulty increased)
III. registration and validation of data processing procedures
1. Security procedures for submitting private data – Registration
2. Security procedures for submitting private data – Login
iOS Development Web chapter-Data security (encrypted using the MD5 algorithm)