Using MD5 transform algorithm to prevent poor lifting (collision) Decipher password

Conversion | algorithm

MD5 is the most commonly used cryptographic encryption algorithm in Web applications. Since the MD5 is irreversible, the ciphertext after MD5 calculation can not get the original text through the reverse algorithm.

The intention of using MD5 encrypted text passwords in Web applications is to prevent the passwords stored in the database from being compromised and then being directly acquired. However, the attackers not only have a large number of password dictionaries, but also set up a lot of MD5 original/ciphertext control database, can quickly find common password MD5 ciphertext, is the efficient way to decipher MD5 ciphertext. However, the MD5 ciphertext database uses the most conventional MD5 encryption algorithm: The original-->md5--> ciphertext. Therefore, we can use the transform MD5 algorithm to make the ready-made MD5 ciphertext database inactive.


Some examples of transformation algorithms are shown below 
Of course, in other web development languages, the same results can be achieved entirely.

Transform One: Circulation MD5

The easiest transformation to understand is to perform multiple MD5 operations on a single password. Customize a function that accepts $data and $times two parameters, the first is the password to be encrypted, and the second is the number of times the encryption is repeated. There are two algorithms for implementing this transformation-

<?php
Iterative algorithm
function Md5_1_1 ($data, $times = 32)
{
Recycle the use of MD5
for ($i = 0; $i < $times; $i + +) {
$data = MD5 ($DATA);
}
return $data;
}

Recursive algorithm
function Md5_1_2 ($data, $times = 32)
{
if ($times > 0) {
$data = MD5 ($DATA);
$times--;
Return Md5_1_2 ($data, $times); Implementing recursion
} else {
return $data;
}
}
?>

Transform two: Ciphertext segmentation MD5

Although the user's password is an indeterminate string, a 32-character string can be used to transform the fixed-length string once the MD5 operation has been made. A bit of the BT algorithm is, this section of the cipher into a number of segments, for each section of a MD5 operation, and then the heap of ciphertext into a long string, and finally a MD5 operation, get still length of 32-bit ciphertext.

<?php
Divide the cipher into two paragraphs, 16 characters per paragraph
function Md5_2_1 ($data)
{
First encrypt the cipher into a 32-character cipher.
$data = MD5 ($DATA);
Divide the password into two paragraphs
$left = substr ($data, 0, 16);
$right = substr ($data, 16, 16);
Encrypt separately and then merge
$data = MD5 ($left). MD5 ($right);
Finally the long string again encryption, become 32 characters Fumi Wan
return MD5 ($DATA);
}

Divide the cipher into 32 paragraphs, 1 characters per paragraph
function Md5_2_2 ($data)
{
$data = MD5 ($DATA);
Iterate over each character in the ciphertext and encrypt and connect
for ($i = 0; $i < $i + +) {
$data. = MD5 ($data {$i});
}
The $data length is 1024 characters, then the MD5 operation
return MD5 ($DATA);
}
?>

Of course, this ciphertext segmentation of the specific algorithm is countless, such as the original ciphertext can be divided into 16 paragraphs per paragraph two characters, 8 paragraphs per paragraph 4 characters, or the number of characters in each paragraph is not equal ...

[1] [2] Next page