If a mobile phone verification code is formed by scrambling and recombining the entered phone number, will it be easy to crack?

Source: Internet
Author: User
I wanted to generate a random mobile phone verification code, write it to the database on submission, and then read it back for comparison, but that means looking up a table. So I thought of another method: build the verification code by rearranging the phone number that was entered. The code is formed by a fixed rule, and for registered members it can stay valid long-term. This method needs no table writes. I just don't know how secure it is. Will it be easy to crack?

Reply content:

Long-term validity is obviously problematic, and you have to consider the possibility of leaks. As for being cracked: find a reasonably designed hashing algorithm, and as long as the key information in the algorithm does not leak, you do not need to worry about this problem.

A workaround is to tie the verification code to a point in time, for example: MD5(MD5(time + phone) + secret), where time is the most recent hour and secret is the key. Take the last 6 characters of the computed hash value, valid for 2 hours (the specific validity period and time strategy can be adjusted according to actual needs). When verifying, plug in the hour values of the last two hours, and pass if there is a match. As long as the secret does not leak, it can be guaranteed not to be cracked, and it also guards against leakage of earlier verification codes; and even if the secret leaks, just change it to a new one :)

(It may seem like a dynamic key in some bank U-shields, but I don't know how they are implemented.)
