Java Bean implementation for MD5

Source: Internet
Author: User
Tags character set final integer md5 variables rfc

MD5 Introduction

MD5 's full name, Message-digest algorithm 5, was developed by the MIT Computer Science Lab and RSA Data Security Inc in the early 90, through MD2, MD3 and MD4.

Message-digest refers to the hash transformation of a byte string (message), which transforms a byte string of any length into a long, large integer. Note that I use the word "byte string" instead of "string" because the transformation is only related to the value of the byte, regardless of the character set or encoding.

MD5 transforms any length of "byte string" into a large integer of 128bit, and it is an irreversible string transform algorithm, in other words, even if you see the source program and the algorithm description, you can not transform a MD5 value back to the original string, mathematically speaking, is because the original string has infinitely many, which is somewhat like a mathematical function with no inverse function.

A typical application of MD5 is to produce a fingerprint (fingerprint) of a message (a byte string) to prevent tampering. For example, you would write a phrase in a file called Readme.txt and create a MD5 value on the Readme.txt and record it, and then you can propagate the file to someone else, and if you change anything in the file, you'll find it when you recalculate MD5. If there is a third party certification body, using MD5 can also prevent the file author's "Repudiation", which is called digital signature applications.

MD5 is also widely used in encryption and decryption technology, in many operating systems, the user's password is MD5 value (or similar to other algorithms) to save the way, when the user login, the system is the user entered the password to calculate the MD5 value, and then to the system to save the MD5 value, and the system is not " Know what the user's password is.

Some hackers cracked the cipher by a method called a "running dictionary". There are two ways to get dictionaries, one is the daily collection of string tables used for passwords, the other is generated by the permutation and combination method, first the MD5 value of these dictionary items is computed with the MD5 program, and then the MD5 value of the target is retrieved in the dictionary.

Even assuming the maximum length of the password is 8, and the password can only be letters and numbers, a total of 26+26+10=62 characters, the number of entries in the combined dictionary is P (62,1) +p (62,2) ... +p (62,8), which is already a very astronomical figure, Storing this dictionary requires a TB-level disk group, and there is a prerequisite for it to be able to obtain the password MD5 value of the target account.

Managing user account is one of the most common basic functions in many e-business and community applications, and although many application servers provide these basic components, many application developers prefer to use relational databases to manage users for greater flexibility in management. The lazy approach is that users ' passwords are often stored directly in the database using plaintext or simple transformations, so these user passwords can be said to be confidential to software developers or system administrators, and the purpose of this article is to introduce the implementation of MD5 Java beans. It also gives an example of using MD5 to handle the user's account password, which makes it impossible for both administrators and program designers to see the user's password, although they can initialize them. But the important point is to protect the user password settings.

Interested readers can get MD5, which is the RFC 1321 text. Http://www.ietf.org/rfc/rfc1321.txt

Implementing policies

MD5 's algorithm in the RFC1321 has actually provided the implementation of C, we can actually immediately think of at least two ways to implement it in Java, the first is, in the Java language to rewrite the entire algorithm, or the simple point is to rewrite the C program as a Java program. The second is to use the JNI (Java Native Interface) to implement, the core algorithm still use this C program, with Java class to wrap it shell.

But I personally think that JNI should be a way for Java to solve certain types of problems, such as applications that are closely related to the operating system or I/O devices, and to provide a means of interoperability with other languages. The biggest problem with JNI is the introduction of platform dependencies that break Sun's vaunted Java benefits of "writing everywhere". So I decided to take the first approach and try to work with you on the benefits of "writing everywhere," and examining the efficiency of Java 2 Now for more intensive computing.

Implementation process

Limited to the length of this article, and for more readers to really focus on the problem itself, I don't want to introduce the Java bean production process to a Java integrated development environment, and when I introduce a method I find the steps and commands clear, I believe that any reader with more than three days of experience in the Java Integration environment will know how to compile and run the code in an integrated environment. It often takes a lot of screenshots to tell a problem in an integrated environment, which is why I have a headache for the integration environment. I used an ordinary text editor, while using the Sun company standard JDK 1.3.0 for Windows NT.

In fact, converting C to Java is not difficult for a programmer with a certain C language base, and the basic grammar of the two languages is almost identical. It took me about one hours to complete the conversion of the code, and I mainly did the following things:

Change some of the #define macro definitions that must be used into the final static in class so that the data is shared among multiple instance in a process space

Deleted some useless #if define, because I only care about MD5, this recommended C implementation also implemented MD2 MD3 and MD4, and some #if define and c different compiler related

Converts some computed macros to final static member functions.

All of the variable names are consistent with the original C implementation, making some Java-compliant changes in capitalization, and the C function in the calculation becomes the private method (member function).

Bit length adjustment of key variables

Classes and methods are defined

It should be noted that many early C compilers of type int are bit, MD5 uses a unsigned long int and considers it to be a 32bit unsigned integer. In Java, the int is bit, and long is the bit. In the C implementation of MD5, a large number of bit operations are used. One point to note here is that, although Java provides bit manipulation, because Java does not have a unsigned type, it provides an unsigned right shift for the right shift operation: >>>, which is equivalent to the >> in C for unsigned number processing.

Because Java does not provide unsigned numbers, the addition of two large int will overflow to get a negative number or an exception, so I changed some key variables to a long type (64bit) in Java. I personally think it's easier to overload those operators than to redefine a class of unsigned numbers at the same time, and it's much more efficient and code readable, and OO (Object oriented) abuse can lead to inefficiencies.

Limited to space, here no longer give the original C code, interested in the reader friend can go to see RFC 1321. Md5.java Source Code

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.