Is there a risk of leakage if the website stores MD5 or other encrypted passwords?
Source: Internet
Author: User
Is there a risk of leakage if the website stores MD5 or other encrypted passwords? The original password is only known to the user and the website does not. In addition, this encryption algorithm adds a password string of the website itself. even if the database is broken, the obtained password is useless. it cannot be used for login or universal use on multiple websites, even if the user uses the same user name and password for each website. Is there a risk of leakage if the website stores MD5 or other encrypted passwords?
The original password is only known to the user and the website does not.
In addition, this encryption algorithm adds a password string of the website itself. even if the database is broken, the obtained password is useless. it cannot be used for login or universal use on multiple websites, even if the user uses the same user name and password for each website.
------ Solution --------------------
If the salt value is sufficient and does not leak. It should be okay.
------ Solution --------------------
Discussion
I mean, if some key data has been encrypted during the upload, let alone hackers, that is, the website itself does not know the customer's information, because of the public encryption algorithm, the user never uploads his or her own password, but only the user knows it. Brute-force cracking is hard to crack in the case of public encryption algorithms, except for the case where users set extremely simple passwords themselves. if others can guess the password, any security technology is powerless.
The user name and some text content that needs to be displayed in the browser cannot be encrypted, because these things need to be made public ......
------ Solution --------------------
Your understanding is right. separate MD5 is not secure (you can search for "online MD5"), which also depends on the complexity of the user password. If your website saves your original password, the company's programmers can see the password, and the general user habit is that all websites use the same user name and password. Not to mention that the data is exported, it is an abnormal programmer who takes the user name and password of this site to try on a large website. it is estimated that seven of the 10 programmers must be able to log on.
Despise csdn again! I modified all registered websites.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
