Java Bean implementation for MD5

Source: Internet
Author: User
Tags define character set final functions implement variables string version
MD5 Introduction
MD5 's full name, Message-digest algorithm 5, was developed by the MIT Computer Science Lab and RSA Data Security Inc in the early 90, through MD2, MD3 and MD4.

Message-digest refers to the hash transformation of a byte string (message), which transforms a byte string of any length into a long, large integer. Note that I use the word "byte string" instead of "string" because the transformation is only related to the value of the byte, regardless of the character set or encoding.

MD5 transforms any length of "byte string" into a large integer of 128bit, and it is an irreversible string transform algorithm, in other words, even if you see the source program and the algorithm description, you can not transform a MD5 value back to the original string, mathematically speaking, is because the original string has infinitely many, which is somewhat like a mathematical function with no inverse function.

A typical application of MD5 is to produce a fingerprint (fingerprint) of a message (a byte string) to prevent tampering. For example, you would write a phrase in a file called Readme.txt and create a MD5 value on the Readme.txt and record it, and then you can propagate the file to someone else, and if you change anything in the file, you'll find it when you recalculate MD5. If there is a third party certification body, using MD5 can also prevent the file author's "Repudiation", which is called digital signature applications.

MD5 is also widely used in encryption and decryption technology, in many operating systems, the user's password is MD5 value (or similar to other algorithms) to save the way, when the user login, the system is the user entered the password to calculate the MD5 value, and then to the system to save the MD5 value, and the system is not " Know what the user's password is.

Some hackers cracked the cipher by a method called a "running dictionary". There are two ways to get dictionaries, one is the daily collection of string tables used for passwords, the other is generated by the permutation and combination method, first the MD5 value of these dictionary items is computed with the MD5 program, and then the MD5 value of the target is retrieved in the dictionary.

Even assuming the maximum length of the password is 8, and the password can only be letters and numbers, a total of 26+26+10=62 characters, the number of entries in the combined dictionary is P (62,1) +p (62,2) ... +p (62,8), which is already a very astronomical figure, Storing this dictionary requires a TB-level disk group, and there is a prerequisite for it to be able to obtain the password MD5 value of the target account.

Managing user account is one of the most common basic functions in many e-business and community applications, and although many application servers provide these basic components, many application developers prefer to use relational databases to manage users for greater flexibility in management. The lazy approach is that users ' passwords are often stored directly in the database using plaintext or simple transformations, so these user passwords can be said to be confidential to software developers or system administrators, and the purpose of this article is to introduce the implementation of MD5 Java beans. It also gives an example of using MD5 to handle the user's account password, which makes it impossible for both administrators and program designers to see the user's password, although they can initialize them. But the important point is to protect the user password settings.

Interested readers can get MD5, which is the RFC 1321 text. Http://www.ietf.org/rfc/rfc1321.txt

Implementing policies


MD5 's algorithm in the RFC1321 has actually provided the implementation of C, we can actually immediately think of at least two ways to implement it in Java, the first is, in the Java language to rewrite the entire algorithm, or the simple point is to rewrite the C program as a Java program. The second is to use the JNI (Java Native Interface) to implement, the core algorithm still use this C program, with Java class to wrap it shell.

But I personally think that JNI should be a way for Java to solve certain types of problems, such as applications that are closely related to the operating system or I/O devices, and to provide a means of interoperability with other languages. The biggest problem with JNI is the introduction of platform dependencies that break Sun's vaunted Java benefits of "writing everywhere". So I decided to take the first approach and try to work with you on the benefits of "writing everywhere," and examining the efficiency of Java 2 Now for more intensive computing.

Implementation process


Limited to the length of this article, and for more readers to really focus on the problem itself, I don't want to introduce the Java bean production process to a Java integrated development environment, and when I introduce a method I find the steps and commands clear, I believe that any reader with more than three days of experience in the Java Integration environment will know how to compile and run the code in an integrated environment. It often takes a lot of screenshots to tell a problem in an integrated environment, which is why I have a headache for the integration environment. I used an ordinary text editor, while using the Sun company standard JDK 1.3.0 for Windows NT.

In fact, converting C to Java is not difficult for a programmer with a certain C language base, and the basic grammar of the two languages is almost identical. It took me about one hours to complete the conversion of the code, and I mainly did the following things:

Change some of the #define macro definitions that must be used into the final static in class, so that multiple instance in one process space are shared that deletes some useless #if define because I only care about MD5, This recommended C implementation also implements both MD2 MD3 and MD4, and some #if define also convert some computed macros to final static member functions with C different compilers.
All of the variable names are consistent with the original C implementation, making some Java-compliant changes in capitalization, and the C function in the calculation becomes the private method (member function).
The bit-length adjustment of key variables defines classes and methods it is important to note that many of the early C compiler's type int is bit, MD5 uses a unsigned long int and considers it to be a 32bit unsigned integer. In Java, the int is bit, and long is the bit. In the C implementation of MD5, a large number of bit operations are used. One point to note here is that, although Java provides bit manipulation, because Java does not have a unsigned type, it provides an unsigned right shift for the right shift operation: >>>, which is equivalent to the >> in C for unsigned number processing.

Because Java does not provide unsigned numbers, the addition of two large int will overflow to get a negative number or an exception, so I changed some key variables to a long type (64bit) in Java. I personally think it's easier to overload those operators than to redefine a class of unsigned numbers at the same time, and it's much more efficient and code readable, and OO (Object oriented) abuse can lead to inefficiencies.

Limited to space, here no longer give the original C code, interested in the reader friend can go to see RFC 1321. Md5.java Source Code

Test


In RFC 1321, the test suite is given to verify that your implementation is correct:

MD5 ("") = d41d8cd98f00b204e9800998ecf8427e
MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661
MD5 ("abc") = 900150983cd24fb0d6963f7d28e17f72
MD5 ("message digest") = f96b697d7cb7938d525a2f31aaf161d0
MD5 ("abcdefghijklmnopqrstuvwxyz") = c3fcd3d76192e4007dfb496cca67e13b
……
这些输出结果的含义是指:空字符串””的MD5值是d41d8cd98f00b204e9800998ecf8427e,字符串”a”的MD5值是0cc175b9c0f1b6a831c399e269772661……
Compile and run our program:
Javac–d. Md5.java
Java Beartool. MD5
I used the package Beartool in the first line of my program in order not to conflict with someone else's program of the same name in the future.

So compile the command javac–d. Md5.java command in our working directory automatically set up a Beartool directory, the Directory is a compilation of successful Md5.class

We will get the same result as the test suite. Of course, you can continue to test other MD5 transformations you are interested in, such as:

Java Beartool. MD5 1234

The MD5 value of 1234 will be given.

Maybe it's my computer knowledge that started with the Apple II and Z80 veneer, I have a preference for uppercase hexadecimal code, so if you want to use a lowercase digest string, you just have to change a, B, C, D, E, F in the Bytehex function to a, B, C, D, E, F.

MD5 is said to be a more time-consuming calculation, our Java version of MD5 a flash even if it came out, did not encounter any obstacles, and with the naked eye does not feel the Java version of the MD5 than the C version of the slow.

In order to test its compatibility, I copied the Md5.class file to my other LINUX+IBM JDK 1.3 machine, and after execution I got the same result, which was "run everywhere."

[1] [2] [3] Next page



Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.