In network applications, user data must be kept secure at all times, so it has to be encrypted. The MD5 algorithm is used in many countries.
Features of the MD5 algorithm:
* The same data always produces the same encrypted result (32 characters).
* It is irreversible (it cannot be decrypted back).
* It can be used for file verification and fingerprint identification.
The MD5 algorithm is public, and it is already packaged in iOS. It can be written as an NSString category:
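```objc
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonDigest.h>

// Method of an NSString category. stringFromBytes:length: is the category's
// helper (not shown on this page) that turns the digest bytes into a string.
- (NSString *)MD5String
{
    const char *string = self.UTF8String;
    int length = (int)strlen(string);
    unsigned char bytes[CC_MD5_DIGEST_LENGTH];
    CC_MD5(string, length, bytes);
    return [self stringFromBytes:bytes length:CC_MD5_DIGEST_LENGTH];
}
```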
It is important to encrypt the user's login data in an iOS program. That way, even if the data is intercepted, the original data cannot be recovered from it.
I. Ordinary MD5 encryption
MD5 encryption that is too simple can easily be cracked, so the "add salt" method is typically used when MD5 encryption is performed. Simple MD5 can be cracked on this website: www.cmd5.com
The following is the method for MD5 encryption.
token: the string that is added (the salt), which can be an odd string of any length.
```objc
- (IBAction)login:(UIButton *)sender {
    [self postLogin];
}

/** When submitting user data, POST is relatively safe. Convert the user data into a model at the same time. */
- (void)postLogin {
    // 1. URL
    NSString *urlStr = [NSString stringWithFormat:@"http://localhost/login.php"];
    NSURL *url = [NSURL URLWithString:urlStr];
    // 2. Create the mutable request
    NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
    // 3. Configure the request
    request.HTTPMethod = @"POST";
    // The request body can be inspected in Firebug
    NSString *pwd = self.userPwd.text;
    // Add the salt first, then encrypt with MD5. (The server simply stores the salted, encrypted value.)
    // In reality there is a public/private key, and the server does not simply store the password.
    pwd = [pwd stringByAppendingString:token];
    pwd = [pwd MD5String];
    NSLog(@"%@", pwd);
    NSString *body = [NSString stringWithFormat:@"username=%@&password=%@", self.userName.text, pwd];
    request.HTTPBody = [body dataUsingEncoding:NSUTF8StringEncoding];
    // 4. Establish the connection. (data is what is fetched, the same as with GET)
    [NSURLConnection sendAsynchronousRequest:request queue:[[NSOperationQueue alloc] init] completionHandler:^(NSURLResponse *response, NSData *data, NSError *connectionError) {
        // Nothing to decode if the request failed
        if (connectionError != nil || data == nil) { return; }
        NSString *str = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
        NSLog(@"%@,%@", [NSThread currentThread], str);
        // Display updates need to happen on the main thread
        [[NSOperationQueue mainQueue] addOperationWithBlock:^{
            self.label.text = str;
            NSLog(@"%@,%@", [NSThread currentThread], str);
        }];
    }];
}
```
II. A more advanced approach
Use the concept of public and private keys: a public key (known to all) and a private key (known only to the server). The password should change dynamically.
* User: encrypt with token + time, then send to the server.
* Server: retrieve the user's password (encrypted with the private key when it was stored), then use time + public key to compare it with the password sent by the client. (The server also checks the time difference of the submitted password, which must be less than 1 minute.)
Detailed notes, from Lao Liu:
```objc
- (IBAction)login:(id)sender
{
    NSString *pwd = self.pwdText.text;
    // Apply MD5 encryption
    pwd = [pwd stringByAppendingString:token];
    // The result is the same every time! Example: a hacker intercepts the data at a router
    // and obtains the encrypted password!
    pwd = [pwd MD5String];
    // The server back end stores an MD5 password string that is salted and kept with a private key
    pwd = [NSString stringWithFormat:@"%@%@%@", pwd, publicKey, @"2014062914:14:30"];
    // Using the date ensures that the encrypted strings are not the same each time
    pwd = [pwd MD5String];
    // Content submitted to the server: the new password and the time at which the password was generated
    /**
     Processing on the server:
     1. Retrieve the user's password from the server (encrypted with the private key)
     2. The server knows the shared key and, based on the given time, dynamically generates a new password and compares it with the one the client submitted
     3. The server also needs to check the time difference of the submitted password, which must be within 1 minute of the date submitted by the client.
     */
    NSLog(@"%@", pwd);
    [self postLogonWithUserName:self.userNameText.text password:pwd];
}

#pragma mark - POST login
- (void)postLogonWithUserName:(NSString *)userName password:(NSString *)password
{
    // 1. URL
    NSString *urlStr = @"http://192.168.25.2/login.php";
    NSURL *url = [NSURL URLWithString:urlStr];
    // 2. Request: the POST method needs a mutable request
    NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
    // 1> POST method: all data transfers involving the user's privacy must be submitted by POST!
    request.HTTPMethod = @"POST";
    // 2> Data body
    NSString *bodyStr = [NSString stringWithFormat:@"username=%@&password=%@", userName, password];
    // Convert the string to binary data
    request.HTTPBody = [bodyStr dataUsingEncoding:NSUTF8StringEncoding];
    // 3. Send an "asynchronous" request; the work runs on another thread and does not block the current thread
    [NSURLConnection sendAsynchronousRequest:request queue:[[NSOperationQueue alloc] init] completionHandler:^(NSURLResponse *response, NSData *data, NSError *connectionError) {
        // JSONObjectWithData: raises an exception when data is nil
        if (connectionError != nil || data == nil) { return; }
        // 1> JSON is a format that converts to and from NSDictionary very quickly
        // Deserialize the JSON into a dictionary
        NSDictionary *dict = [NSJSONSerialization JSONObjectWithData:data options:NSJSONReadingMutableContainers error:NULL];
        CZUserInfo *userInfo = [CZUserInfo userInfoWithDict:dict];
        NSLog(@"%@%@", userInfo.userId, userInfo.userName);
    }];
    NSLog(@"=======");
}
```
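The server-side processing listed in the comment above, sketched in Python as an added example (not code from the original post or from Lao Liu's notes). `TOKEN` and `PUBLIC_KEY` are constructed values, the server is assumed to hold MD5(password + token) directly, and the `seen` set, which rejects a value already accepted inside the one-minute window, goes beyond the three steps the post lists.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

TOKEN = "constructed-static-salt"      # assumption: stands in for the post's `token`
PUBLIC_KEY = "constructed-shared-key"  # assumption: stands in for the post's `publicKey`
TIME_FORMAT = "%Y%m%d%H:%M:%S"         # layout of the post's sample "2014062914:14:30"
MAX_SKEW = timedelta(minutes=1)        # the post's "less than 1 minute" rule


def md5_hex(text):
    """32-character hex MD5 of a UTF-8 string, like the MD5String category method."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def stored_value(password):
    """Section I value, assumed to be what the server keeps: MD5(password + token)."""
    return md5_hex(password + TOKEN)


def client_response(password, timestamp):
    """Section II client value: MD5(MD5(password + token) + key + time)."""
    return md5_hex(stored_value(password) + PUBLIC_KEY + timestamp)


def server_verify(stored, submitted, timestamp, now, seen):
    """Return (ok, reason); `seen` holds (stored, timestamp) pairs already accepted."""
    try:
        sent_at = datetime.strptime(timestamp, TIME_FORMAT)
    except ValueError:
        return False, "bad timestamp"
    # Step 3: the submitted time must be less than one minute from server time.
    if abs(now - sent_at) >= MAX_SKEW:
        return False, "stale timestamp"
    # Step 2: regenerate the dynamic password from the stored value and compare
    # in constant time.
    expected = md5_hex(stored + PUBLIC_KEY + timestamp)
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False, "mismatch"
    # Added check: the same value must not be accepted twice inside the window.
    if (stored, timestamp) in seen:
        return False, "replayed"
    seen.add((stored, timestamp))
    return True, "ok"
```

For this to work the client has to send the timestamp alongside the username and password, and the stored MD5(password + token) is all a client needs to compute a valid response, so it must be protected like the password itself.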
When reprinting, please cite the source: http://blog.csdn.net/xn4545945
iOS Development Web chapter-Data security