iOS Development Web chapter-Data security (encrypted using the MD5 algorithm)

Source: Internet
Author: User

A simple explanation

1. Description

When developing an application, the security of the data is critical, and simply submitting the user's privacy data with a POST request is still not a complete solution to the security issue.

Such as: You can use software (such as Charles) to set up a proxy server to intercept the request data to view the phone

"Blue and white porcelain" software

Therefore: When submitting the user's privacy data, must not be explicitly submitted, to encrypt processing and then submit

2. Common cryptographic algorithms

MD5 \ SHA \ DES \ 3DES \ RC2 and RC4 \ RSA \ idea \ DSA \ AES

3. Selection of cryptographic algorithms

General companies will have a set of their own encryption scheme, according to the requirements of the company interface documents to encrypt

Second, MD5

1. Brief description

MD5: Full name is message Digest algorithm 5, translated as "Message Digest algorithm 5th Edition"

Effect: Generates a unique 128-bit hash value (32 characters) for the input information

Features of 2.MD5

(1) input two different plaintext will not get the same output value

(2) According to the output value, the original plaintext cannot be obtained, that is, its process is irreversible

Application of 3.MD5

Because the MD5 encryption algorithm has good security, and free, so the encryption algorithm is widely used

Mainly used in digital signature, file integrity verification and password encryption and other aspects

4.MD5 hack

MD5 Decryption Website: http://www.cmd5.com

5.MD5 improvements

Now the MD5 is no longer absolutely safe, in this, can be slightly improved MD5 to increase the difficulty of decryption

Add Salt: Insert a random string in the fixed position of the plaintext before MD5

First encryption, after the chaos sequence: first MD5 the plaintext, and then the encryption of the MD5 string of characters to disorderly order

In short, the purpose is: hackers even if the database is compromised, can not decrypt the correct plaintext

code example:

1 #import "HMViewController.h"2 #import "nsstring+hash.h"3 4 #defineSalt @ "fsdhjkfhjksdhjkfjhkd546783765"5 6 @interfaceHmviewcontroller ()7 8 @end9 Ten @implementationHmviewcontroller One  A- (void) Viewdidload - { - [Super Viewdidload]; the      -[Self Digest:@"123"];// -[Self Digest:@"ABC"]; -[Self Digest:@"456"]; + } -  + /** A * Encrypt directly with MD5 at  */ --(NSString *) Digest: (NSString *) Str - { -NSString *anwen =[str md5string]; -NSLog (@"%@ - %@", str, anwen); -     returnAnwen; in } -  to /** + * Add salt -  */ the-(NSString *) Digest2: (NSString *) Str * { $str =[str stringbyappendingstring:salt];Panax Notoginseng      -NSString *anwen =[str md5string]; theNSLog (@"%@ - %@", str, anwen); +     returnAnwen; A } the  + /** - * Multiple MD5 $  */ $-(NSString *) Digest3: (NSString *) Str - { -NSString *anwen =[str md5string]; the      -Anwen =[Anwen md5string];Wuyi      theNSLog (@"%@ - %@", str, anwen); -     returnAnwen; Wu } -  About /** $ * Encrypt first, then chaos sequence -  */ --(NSString *) Digest4: (NSString *) Str - { ANSString *anwen =[str md5string]; +      the     //registration: 123----2cb962ac59075b964b07152d234b7020 -      $     //Login: 123---202cb962ac59075b964b07152d234b70 the      theNSString *header = [Anwen substringtoindex:2]; theNSString *footer = [Anwen substringfromindex:2]; theAnwen =[Footer Stringbyappendingstring:header]; -      inNSLog (@"%@ - %@", str, anwen); the     returnAnwen; the } About @end

(1) Direct use of MD5 encryption (to MD5 decryption site can be cracked)

(2) using salt (after decryption by MD5, it is easy to find the law)

(3) Multiple MD5 encryption (after using MD5 decryption, found or ciphertext, then MD5 decryption)

(4) First encryption, after the disorderly sequence (crack difficulty increased)

III. registration and validation of data processing procedures

1. Security procedures for submitting private data – Registration

2. Security procedures for submitting private data – Login

iOS Development Web chapter-Data security (encrypted using the MD5 algorithm)

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.