iOS Development Web chapter-Data security

A simple explanation

1. Description

When developing an application, the security of the data is critical, and simply submitting the user's privacy data with a POST request is still not a complete solution to the security issue.

Such as: You can use software (such as Charles) to set up a proxy server to intercept the request data to view the phone

"Blue and white porcelain" software

Therefore: When submitting the user's privacy data, must not be explicitly submitted, to encrypt processing and then submit

2. Common cryptographic algorithms

MD5 \ SHA \ DES \ 3DES \ RC2 and RC4 \ RSA \ idea \ DSA \ AES

3. Selection of cryptographic algorithms

General companies will have a set of their own encryption scheme, according to the requirements of the company interface documents to encrypt

Second, MD5

1. Brief description

MD5: Full name is message Digest algorithm 5, translated as "Message Digest algorithm 5th Edition"

Effect: Generates a unique 128-bit hash value (32 characters) for the input information

Features of 2.MD5

(1) input two different plaintext will not get the same output value

(2) According to the output value, the original plaintext cannot be obtained, that is, its process is irreversible

Application of 3.MD5

Because the MD5 encryption algorithm has good security, and free, so the encryption algorithm is widely used

Mainly used in digital signature, file integrity verification and password encryption and other aspects

4.MD5 hack

MD5 Decryption Website: http://www.cmd5.com

5.MD5 improvements

Now the MD5 is no longer absolutely safe, in this, can be slightly improved MD5 to increase the difficulty of decryption

Add Salt: Insert a random string in the fixed position of the plaintext before MD5

First encryption, after the chaos sequence: first MD5 the plaintext, and then the encryption of the MD5 string of characters to disorderly order

In short, the purpose is: hackers even if the database is compromised, can not decrypt the correct plaintext

code example:

 1 #import "HMViewController.h" 2 #import "NSSTRING+HASH.H" 3 4 #define Salt @ "fsdhjkfhjksdhjkfjhkd546783765" 5 6 @inter Face Hmviewcontroller () 7 8 @end 9 @implementation HMViewController11-(void) viewDidLoad13 {[Super Viewdid load];15 [Self digest:@ "123"]; [Self digest:@ ' abc '];18 [Self digest:@ "456"];19}20 21/**22 * Direct MD5 encryption at */24-(NSString *) Digest: (Nsstr ing *) str25 {nsstring *anwen = [str md5string];27 NSLog (@ "%@-%@", str, Anwen); return anwen;29}30 31/     **32 * Add salt */34-(NSString *) Digest2: (NSString *) str35 {str = [STR stringbyappendingstring:salt];37 38 NSString *anwen = [str md5string];39 NSLog (@ "%@-%@", str, Anwen); + return anwen;41}42 43/**44 * Multiple MD545 * /46-(NSString *) Digest3: (NSString *) str47 {NSString *anwen = [str md5string];49 anwen = [Anwen Md5stri ng];51 NSLog (@ "%@-%@", str, Anwen); anwen;54}55 56/**57 * First encrypted, then disorderly 58 */59 -(NSString *) Digest4: (NSString *) str60 {NSString *anwen = [str md5string];62 63//Registration: 123----2CB962A c59075b964b07152d234b702064 65//Login: 123---202cb962ac59075b964b07152d234b7066 nsstring *header = [an Wen substringtoindex:2];68 nsstring *footer = [Anwen substringfromindex:2];69 Anwen = [Footer Stringbyappendingstr Ing:header];70 NSLog (@ "%@-%@", str, Anwen); anwen;73}74 @end

(1) Direct use of MD5 encryption (to MD5 decryption site can be cracked)

(2) using salt (after decryption by MD5, it is easy to find the law)

(3) Multiple MD5 encryption (after using MD5 decryption, found or ciphertext, then MD5 decryption)

(4) First encryption, after the disorderly sequence (crack difficulty increased)

III. registration and validation of data processing procedures

1. Security procedures for submitting private data – Registration

2. Security procedures for submitting private data – Login

iOS Development Web chapter-Data security