Use of the "Java" MD5

MD5, the English meaning is the message Digest, namely the Information Digest, is the commonly used information digest algorithm.

It is an irreversible algorithm, that is, if a message MD5 digest into a string of code, you will not be able to restore the original information through this string of code.

For this feature, MD5 is often used to verify that the password is correct and that the downloaded file is intact.

> Verify the password is correct: The user registration Password MD5 Digest after the storage, when the user logged in the user input password MD5 summary, compared to two times after the summary of the information is equal, equal to the correct password. (if it is better to add salt, see later chapters)

> Verify that the download file is intact: We often download the open source file resource Bundle, we can see the MD5 of the resource bundle provided on the website (such as download poi, one), after downloading the file, you can use your own program or go directly to some website to calculate its MD5 code, if it is consistent with the official web-provided, Indicates that the file is intact . (Figure II of the 3rd line of the log is visible, the following program calculates the MD5 code and Tuyi's official website consistent)

> is it enough to simply MD5

As seen, 123456 of the MD5 code is e10adc3949ba59abbe56e057f20f883e.

If your system uses MD5 Digest, and does not add salt, also often uses 123456 for the test password, to this string MD5 code must be very familiar. Some of these MD5 codes lie quietly in the DB for verification.

If a database is exposed (such as a drag-and-drop library), the bad guys get these MD5 codes, and they can easily translate most passwords by mapping their common passwords to their MD5 codes.

So, in general, we need to add salt to the original password, so-called salt, is to follow certain rules to disturb the original string, and then the MD5 Digest. This rule is defined by itself and must be kept secret.

> Call Spring Tool class to get MD5 code

Now that spring is widely used, we get MD5 code directly using the Spring API.

 PackageCom.nicchagil.md5study;Importorg.springframework.util.DigestUtils; Public classmd5utilbyspring {/*** Use MD5 as a summary of information and in hexadecimal notation*/     Public StaticString MD5 (byte[] bytes) {        returnDigestutils.md5digestashex (bytes); }    /*** Use MD5 as a summary of information and in hexadecimal notation*/     Public Staticstring MD5 (string s) {if(s = =NULL|| S.length () = = 0) {            return NULL; }        returnmd5utilbyspring.md5 (S.getbytes ()); }    }

View Code

 PackageCom.nicchagil.md5study; Public classSalter { Public Static FinalString PREFIX = "how";  Public Static FinalString FILLING = "is";  Public Static FinalInteger Filling_index = 5;  Public Static FinalString POSTFIX = "you!";  Public Staticstring Salt (string source) {if(Source = =NULL|| Source.length () = = 0) {            return NULL; } stringbuffer SB=NewStringBuffer (source); if(Sb.length () >Filling_index)        {Sb.insert (Filling_index, FILLING); }                returnSb.insert (0, PREFIX). Append (POSTFIX). toString (); }}

View Code

 PackageCom.nicchagil.md5study;ImportJava.io.ByteArrayOutputStream;ImportJava.io.File;ImportJava.io.FileInputStream;Importorg.junit.Test; Public classHowtouse {@Test Public voidTest ()throwsException {String source= "123456"; String Md5hex=md5utilbyspring.md5 (source); System.out.println (Source+ "' s hex MD5" +Md5hex); } @Test Public voidTest2 ()throwsException {File file=NewFile ("d:/poi-bin-3.13-20150929.tar.gz"); FileInputStream FIS=NULL; Bytearrayoutputstream BAOs=NULL; Try{FIS=Newfileinputstream (file); BAOs=NewBytearrayoutputstream (); byte[] bytes =New byte[1024]; intSize = 0;  while(size = fis.read (bytes))! = 1) {                if(Size = = 1024) {baos.write (bytes); } Else{baos.write (bytes,0, size); }            }                        byte[] Resultbytes =Baos.tobytearray (); System.out.println ("Size +" +resultbytes.length); String Md5hex=md5utilbyspring.md5 (resultbytes); System.out.println ("Hex MD5" +Md5hex); } finally {            if(FIS! =NULL) {fis.close (); }            if(BAOs! =NULL) {baos.close (); } }} @Test Public voidTest3 ()throwsException {String source= "123456"; String Saltsource=Salter.salt (source); String MD5=md5utilbyspring.md5 (Saltsource); System.out.println (Source+ "Salt" + Saltsource + "MD5" +MD5); SOURCE= "12345"; Saltsource=Salter.salt (source); MD5=md5utilbyspring.md5 (Saltsource); System.out.println (Source+ "Salt" + Saltsource + "MD5" +MD5); SOURCE= "1234"; Saltsource=Salter.salt (source); MD5=md5utilbyspring.md5 (Saltsource); System.out.println (Source+ "Salt" + Saltsource + "MD5" +MD5); }    }

View Code

Figure A

Figure II

Use of the "Java" MD5