iOS Development, Web Chapter: Data Security (Encryption Using the MD5 Algorithm)

Source: Internet
Author: User
Tags: md5, encryption



I. A simple explanation



1. Description



When developing an application, data security is critical. Simply submitting the user's private data with a POST request does not completely solve the security problem.



For example, software such as Charles can be set up as a proxy server to intercept the phone's request data and view it.

[Figure: the "Blue and white porcelain" software]






Therefore, when submitting the user's private data, never submit it in plaintext; encrypt it first and then submit it.






2. Common cryptographic algorithms



MD5, SHA, DES, 3DES, RC2 and RC4, RSA, IDEA, DSA, AES



3. Selection of cryptographic algorithms



Companies generally have their own encryption scheme; encrypt according to the requirements in the company's interface documentation.






II. MD5



1. Brief description



MD5: the full name is Message Digest Algorithm 5.



Purpose: generates a unique 128-bit hash value (32 characters) for the input.






2. Features of MD5



(1) Two different plaintext inputs will not produce the same output value



(2) The original plaintext cannot be obtained from the output value; that is, the process is irreversible






3. Application of MD5



Because the MD5 encryption algorithm has good security and is free, it is widely used.



It is mainly used for digital signatures, file integrity verification, password encryption, and similar purposes.






4. MD5 cracking



MD5 Decryption Website: http://www.cmd5.com









5. MD5 improvements



MD5 is no longer absolutely safe. It can be improved slightly to make decryption more difficult.



Add salt: insert a random string at a fixed position in the plaintext before applying MD5



Encrypt first, then shuffle: first apply MD5 to the plaintext, then shuffle the order of the characters in the resulting MD5 string



In short, the goal is that even if the database is compromised, hackers cannot recover the correct plaintext.



Code example:


#import "HMViewController.h"
#import "NSString+Hash.h"   // category that provides -md5String

// Fixed salt shared by every user
#define Salt @"fsdhjkfhjksdhjkfjhkd546783765"

@interface HMViewController ()

@end

@implementation HMViewController

- (void)viewDidLoad
{
    [super viewDidLoad];

    [self digest:@"123"];
    [self digest:@"abc"];
    [self digest:@"456"];
}

/**
 * encrypt directly with MD5
 */
- (NSString *)digest:(NSString *)str
{
    NSString *anwen = [str md5String];
    NSLog(@"%@ - %@", str, anwen);
    return anwen;
}

/**
 * salt: append the fixed salt to the plaintext, then MD5
 */
- (NSString *)digest2:(NSString *)str
{
    str = [str stringByAppendingString:Salt];

    NSString *anwen = [str md5String];
    NSLog(@"%@ - %@", str, anwen);
    return anwen;
}

/**
 * multiple MD5: MD5 the plaintext, then MD5 the result again
 */
- (NSString *)digest3:(NSString *)str
{
    NSString *anwen = [str md5String];

    anwen = [anwen md5String];

    NSLog(@"%@ - %@", str, anwen);
    return anwen;
}

/**
 * encrypt first, then shuffle
 */
- (NSString *)digest4:(NSString *)str
{
    NSString *anwen = [str md5String];

    // registration: 123 ---- 2cb962ac59075b964b07152d234b7020

    // login: 123 --- 202cb962ac59075b964b07152d234b70

    // Move the first two characters of the MD5 string to the end
    NSString *header = [anwen substringToIndex:2];
    NSString *footer = [anwen substringFromIndex:2];
    anwen = [footer stringByAppendingString:header];

    NSLog(@"%@ - %@", str, anwen);
    return anwen;
}
@end





(1) Direct MD5 encryption (can be cracked on an MD5 decryption website)






(2) Using a salt (after MD5 decryption, the pattern is easy to spot)






(3) Multiple MD5 encryption (after MD5 decryption the result is still ciphertext, which is then MD5-decrypted again)






(4) Encrypt first, then shuffle (cracking difficulty increases)
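
Result (2) above notes that a fixed salt leaves a recognisable pattern. The following added example (not code from the original article) contrasts the article's fixed-salt MD5 with a different technique: a fresh random salt per account plus PBKDF2-HMAC-SHA256 from CommonCrypto. The function names, the two constructed accounts and the 100000-round work factor are assumptions made for illustration.

```objc
// Added example, not from the original article. All function names are hypothetical.
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCrypto.h>
#import <Security/Security.h>

static NSString *Hex(const uint8_t *b, size_t n) {
    NSMutableString *s = [NSMutableString stringWithCapacity:n * 2];
    for (size_t i = 0; i < n; i++) [s appendFormat:@"%02x", b[i]];
    return s;
}

// The article's digest2: MD5(password + fixed salt). Deterministic for every user.
static NSString *FixedSaltMD5(NSString *password, NSString *fixedSalt) {
    NSData *d = [[password stringByAppendingString:fixedSalt] dataUsingEncoding:NSUTF8StringEncoding];
    uint8_t out[CC_MD5_DIGEST_LENGTH];
    CC_MD5(d.bytes, (CC_LONG)d.length, out);
    return Hex(out, sizeof(out));
}

// Fresh 16-byte salt per account from the system CSPRNG; stored next to the hash.
static NSData *RandomSalt(void) {
    NSMutableData *salt = [NSMutableData dataWithLength:16];
    int rc = SecRandomCopyBytes(kSecRandomDefault, salt.length, salt.mutableBytes);
    return rc == errSecSuccess ? salt : nil;
}

// PBKDF2-HMAC-SHA256: each password guess costs `rounds` HMAC computations.
static NSString *SlowHash(NSString *password, NSData *salt, unsigned rounds) {
    NSData *pw = [password dataUsingEncoding:NSUTF8StringEncoding];
    uint8_t out[32];
    int rc = CCKeyDerivationPBKDF(kCCPBKDF2, pw.bytes, pw.length, salt.bytes, salt.length,
                                  kCCPRFHmacAlgSHA256, rounds, out, sizeof(out));
    return rc == kCCSuccess ? Hex(out, sizeof(out)) : nil;
}

int main(void) {
    @autoreleasepool {
        NSString *fixed = @"fsdhjkfhjksdhjkfjhkd546783765";  // the article's Salt macro
        unsigned rounds = 100000;                             // assumed work factor
        // Two constructed accounts that share the password "123".
        NSString *u1 = FixedSaltMD5(@"123", fixed), *u2 = FixedSaltMD5(@"123", fixed);
        NSLog(@"fixed salt, stored values identical: %d", [u1 isEqualToString:u2]);
        NSData *saltA = RandomSalt(), *saltB = RandomSalt();
        if (!saltA || !saltB) return 1;
        NSString *a = SlowHash(@"123", saltA, rounds), *b = SlowHash(@"123", saltB, rounds);
        NSLog(@"per-account salt, stored values identical: %d", [a isEqualToString:b]);
        // Login check: recompute with the salt stored for that account and compare.
        NSLog(@"correct password accepted: %d", [SlowHash(@"123", saltA, rounds) isEqualToString:a]);
        NSLog(@"wrong password accepted: %d", [SlowHash(@"124", saltA, rounds) isEqualToString:a]);
    }
    return 0;
}
```

With the fixed salt, every account that uses the same password stores the same value, so one recovered entry exposes all of them; with a per-account salt the stored values differ and each account has to be guessed separately.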






III. Registration and validation of data processing procedures



1. Security procedures for submitting private data – Registration






2. Security procedures for submitting private data – Login





