Based on the features of the MD5 algorithm, we can regard the MD5 encryption process as a function call process. We recommend that you modify it in the following ways to ensure the security of your website users and data to a certain extent:
1. Modify the four constants of the MD5 algorithm. This is the most convenient method. The resulting data looks very similar to the output of the unmodified algorithm, but will not be cracked.
2. Perform multiple encryption: encrypt the MD5-encrypted data a second or third time, or encrypt the data again after each encryption. For example, after "I love you " is encrypted to "1E6986ACEC7BAE541AB7B37B99260DAF", we can encrypt any part of it; for instance, we can encrypt the first 18 digits "1E6986ACEC7BAE541" to obtain "encrypt". This modification is simple: if your ASP code calls md5("password"), you can change it to md5(left(md5("password"), 16)), which is very secure; that is, even if your data is downloaded, it is impossible to crack it.
3. Imitate MD5 encryption. As the name suggests, we do not use MD5 encryption itself, but use another algorithm and then take its hash value, to ensure that the data is not cracked.
There are many ways to do this. I hope that you can modify your website yourself, so that you can be sure that you are safe. No matter what software you are using, I hope you will be cautious. We call this method the MD5 private algorithm, or private MD5 algorithm.
Recommendations for some large programs, such as mobile network, mobile and OBLOG programs:
1. Do not use the regular MD5 algorithm. Some people say that what they use is not the regular MD5 algorithm and that their encryption method is flexible. We hope that developers select an appropriate algorithm when developing the program and modify the MD5 algorithm as appropriate. For example, add an option to the configuration file that lets the user influence how MD5 is changed: when the user installs the program, they make a selection and the key part of the MD5 algorithm function is modified automatically, so that the encryption results of user passwords differ from one website to another. The initial administrator password can be saved with a higher degree of encryption to improve the security of the program.
2. When creating a program, new knowledge about encryption and decryption should be absorbed; that is, the conventional method should be used, and the security factors outside the program should also be considered. In many cases, the programs are open source. Therefore, new techniques such as dynamically changing user passwords should also be learned.
Suggestions for common users:
1. Do not use passwords that are too simple, such as pure numbers, pure letters, birthdays, telephone numbers, and zip codes. It is best to use letters, characters, and numbers, such as 1980zg97 @ * & ^ bye, where the characters are mainly entered with SHIFT + number. In this way, you only need to remember the numbers. For example, if you enter SHIFT + zg3450987zg, you actually enter ZG # ¥ %.) (× ※zg, which is much stronger than a common password.
2. Do not reuse the same password, but let your passwords follow a rule. For example, each of your passwords is different, but there is a connection between them, such as a difference of 99: your first password is 8795% $ # % 4213, and the second password can be 38795% $ # % 421.
3. Use the mouse when entering the password. For example, to enter 123456, you can enter 456 first, then place the cursor in front with the mouse and enter 123.