Sina Weibo analog landing encryption algorithm __ algorithm

Project acceptance, was asked how micro-blog crawler Landing is how to achieve the results of the encryption algorithm did not explain white, embarrassing death ...

is a reference to the other people's procedures, not to complete understand, embarrassed lost big. This time it looks good:

1, you need to get two parameters before submitting a POST request.
Address is: Http://login.sina.com.cn/sso/login.php?client=ssologin.js (v1.3.18)
The resulting data contains "servertime" and "nonce" values, which are random, and other values seem to be of little use.

2, through Httpfox observation of the post data, the parameters are more complex, where "su" is encrypted username, "SP" is encrypted after the password. "Servertime" and "nonce" were obtained in the previous step. The other parameters are invariant.
Username has been BASE64 calculated: Username = base64.encodestring (urllib.quote (username)) [: 1];
The password is SHA1 encrypted three times, and the values of servertime and nonce are added to interfere with it.
namely: two times SHA1 encryption, the result plus servertime and nonce value, and then SHA1 calculate once.

Organize the parameters and post requests. No login succeeded after this.
The content that is obtained after post contains a sentence of Location.replace ("http://weibo.com/ajaxlogin.php?framelogin=1&callback= parent.sinassocontroller.feedbackurlcallback&retcode=101&reason=%b5%c7%c2%bc%c3%fb%bb%f2%c3%dc%c2%eb% B4%ed%ce%f3 ");

This is the result of a login failure, and the result is similar to the success of the login, although the Retcode value is 0. Then ask for this URL, so you can successfully log on to the microblog.
Remember to build the cache ahead of time.

Above from: http://www.douban.com/note/201767245/

SHA1 Introduction:

SHA1 's full name is Secure Hash algorithm (secure hashing algorithm), which is designed by the NIST NSA to work with DSA, which produces a 160bit hash value for a length of less than 264, and therefore has a better anti-poor (brute-force) nature. The SHA-1 design is based on the same principle as the MD4 and imitates the algorithm. SHA-1, a national standard promulgated by the United States Standards Technology Agency (NIST), is one of the most widely used hash function algorithms and the most advanced encryption technology currently used by government departments and private owners to handle sensitive information. and SHA-1 based on MD5,MD5 and MD4.
SHA-1 more than MD5 32-bit ciphertext, so more secure. For the same reason, MD5 is faster than SHA-1.

From: http://www.cnblogs.com/yank/archive/2008/09/04/1283936.html