Use the MD5 conversion algorithm to prevent brute force cracking

Source: Internet
Author: User
MD5 is the most common cryptographic algorithm in Web applications. Because MD5 is irreversible, the original text cannot be recovered from the ciphertext produced by MD5 through a reverse algorithm.

The original purpose of using MD5 to encrypt plaintext passwords in Web applications was to prevent the passwords from being read if the database that stores them is leaked. However, attackers not only have password dictionaries containing huge amounts of data, but have also built many databases that map original text to MD5 ciphertext, so the MD5 ciphertext of a common password can be looked up quickly. This is an efficient way to crack MD5 ciphertext. These databases, however, are built with the most common MD5 usage: original --> MD5 --> ciphertext. Therefore, we can use a transformed MD5 algorithm to make the ready-made MD5 ciphertext databases useless.


The following are examples of transformation algorithms, written in PHP. Of course, the same results can be obtained in other Web development languages.

Transformation 1: cyclic MD5

The easiest transformation to understand is to perform multiple MD5 operations on a password. Define a custom function that accepts two parameters: $data and $times. The first parameter is the password to be encrypted, and the second parameter is the number of times the encryption is repeated. There are two ways to implement this transformation:

<?php
// Iterative algorithm
function md5_1_1($data, $times = 32)
{
    // Apply MD5 repeatedly
    for ($i = 0; $i < $times; $i++) {
        $data = md5($data);
    }
    return $data;
}

// Recursive algorithm
function md5_1_2($data, $times = 32)
{
    if ($times > 0) {
        $data = md5($data);
        $times--;
        return md5_1_2($data, $times); // implement recursion
    } else {
        return $data;
    }
}
?>

Transformation 2: MD5 on split ciphertext

Although the user's password is a string of unknown length, a single MD5 operation always yields a string of 32 characters. This fixed-length string can then be transformed. A somewhat more extreme algorithm is to divide the ciphertext into several segments, perform an MD5 operation on each segment, concatenate the results into a very long string, and finally perform one more MD5 operation. The resulting ciphertext is still 32 characters long.

<?php
// Divide the ciphertext into two segments, each of which contains 16 characters
function md5_2_1($data)
{
    // Encrypt the password into a 32-character ciphertext
    $data = md5($data);
    // Split the ciphertext into two segments
    $left = substr($data, 0, 16);
    $right = substr($data, 16, 16);
    // Encrypt the segments separately, then merge them
    $data = md5($left) . md5($right);
    // Finally, re-encrypt the long string into a 32-character ciphertext
    return md5($data);
}

// Divide the ciphertext into 32 segments, each of which contains 1 character
function md5_2_2($data)
{
    $data = md5($data);
    // Take each character of the ciphertext in turn, encrypt it, and append the result
    $joined = '';
    for ($i = 0; $i < 32; $i++) {
        $joined .= md5($data[$i]);
    }
    // At this point $joined is 1024 characters long; perform an MD5 operation once more
    return md5($joined);
}
?>

Of course, there is no limit to the ways the ciphertext can be segmented. For example, the original ciphertext can be divided into 16 segments of two characters each, or 8 segments of four characters each, or into segments of unequal length ...
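
The effect described above can be checked against a small constructed lookup table. This is an added example, not code from the original page; `build_plain_md5_table`, `lookup_stored_value` and the sample password list are hypothetical, and `md5_1_1` and `md5_2_1` are repeated so the block runs on its own.

```php
<?php
// Copies of two transformations from this page, repeated so this block is self-contained.
function md5_1_1($data, $times = 32)
{
    for ($i = 0; $i < $times; $i++) {
        $data = md5($data);
    }
    return $data;
}

function md5_2_1($data)
{
    $data = md5($data);
    return md5(md5(substr($data, 0, 16)) . md5(substr($data, 16, 16)));
}

// Hypothetical helper: a stand-in for a ready-made
// "original --> MD5 --> ciphertext" database, keyed by ciphertext.
function build_plain_md5_table(array $words)
{
    $table = array();
    foreach ($words as $word) {
        $table[md5($word)] = $word;
    }
    return $table;
}

// Hypothetical helper: returns the original text if the stored value
// is present in the table, otherwise null.
function lookup_stored_value(array $table, $stored)
{
    return isset($table[$stored]) ? $table[$stored] : null;
}

// Constructed sample data, not taken from any real leak.
$commonPasswords = array('123456', 'password', 'qwerty', 'letmein');
$table = build_plain_md5_table($commonPasswords);

$password = 'letmein';
$schemes = array(
    'plain md5' => md5($password),
    'md5_1_1'   => md5_1_1($password),
    'md5_2_1'   => md5_2_1($password),
);
foreach ($schemes as $name => $stored) {
    $hit = lookup_stored_value($table, $stored);
    printf("%-10s %s  table lookup: %s\n", $name, $stored, $hit === null ? 'miss' : "hit ($hit)");
}
```

Each transformation is deterministic and takes no per-user input, so the same password always produces the same stored value. The lookups miss only because the table was computed with a different formula.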
