I originally wanted to randomly form a mobile phone verification code, write it into the database when I submitted it, and then read it for comparison. In this way, I wanted to look up the table, so I thought of another method, it is to re-combine the entered mobile phone into a verification code, which is regularly formed. registered members can be valid for a long time. This method does not need to write tables, that is, it does not know how secure it is, will it be easily cracked?
Long-term effectiveness is obviously problematic. You need to consider the possibility of leakage. As for cracking, find a well-designed hash algorithm, as long as the key information in the algorithm is not leaked, you don't have to worry about this problem.
A work und is to associate the verification code with a certain time point, for example, md5 (md5 (time + phone) + secret). In this example, time is the latest time, and secret is the key, calculate the last 6 digits of the hash value, and the validity period is 2 hours (the specific validity period and time policy can be adjusted according to actual needs). During verification, the last two whole points are replaced, if there is a match, it passes. In this way, as long as the secret does not leak, it can ensure that the secret is not cracked and not afraid of the previous verification code leakage. Even if the secret leaks, you can just change it :)
(It seems like the dynamic keys in some bank U shield, but I don't know how they are implemented)
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
