We know that if the password is hashed directly, then the hacker can get a hash value by obtaining this password, and then by checking the hash value dictionary (for example, MD5 password cracking site), the password of a user.Adding salt can solve
Transferred from: http://blog.csdn.net/blade2001/article/details/6341078We know that if the password is hashed directly, then the hacker can get a hash value by obtaining this password, and then by checking the hash value dictionary (for example, MD5
Currently, the MD5 password database has a huge amount of data, and most common passwords can reverse query the plaintext of the password through the MD5 Digest. To prevent internal personnel (persons who can access database or database backup files)
I. State the Workflow:1. According to the existing password string to generate a password + salt string, You can also store the salt of the encrypted string in the database (see requirements),2. Verify that the submitted password string is encrypted
If the password is hashed directly, the hacker can obtain the password of a user by querying the hash dictionary (for example, MD5 password cracking website. After adding the salt, it will be much more difficult. even if you have obtained the salt
How to add salt?
In order to enhance the safety of MD5, in addition to the new algorithm to add a part of the value of salt, salt value is a randomly generated set of strings, can include random uppercase and lowercase letters, numbers, characters,
A simple md5 and salt encryption method (to prevent rainbow tables from hitting the database)
Md5 encryption (or digest algorithm) is not explained if you are familiar with it.
Currently, many database designs prefer to use one-way encryption to
MD5 encryption (or digest algorithm) Everyone is familiar with it, and it doesn't explain.Now a lot of database design like to use one-way encryption to save the password, verify that the password is encrypted once again to do a ciphertext
1, first of all, briefly talk about the development of the regular Web login module (for simple login function, the database fields are not encrypted and encrypted during transmission)
Non-Secure Login module development
Using Jsp+mysql
The database
Read a lot of tutorials on the Internet, have mentioned the configuration of spring Shiro password encryption, and even gave a custom class to implement. Are rarely solved by configuration.
The password Salt value encryption method should be very
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.