The full name of MD5 is Message-Digest Algorithm 5 (Message-Digest Algorithm). It was developed in the early 1990s by Ronald L. Rivest of Mit Laboratory for Computer Science and Rsa data security inc. It was developed by md2 and md3 Developed from md4. Its function is to allow large-capacity information to be "compressed" into a confidential format (that is, to convert a byte string of any length into a large integer of a certain length) before signing the private key with digital signature software. Whether it is md2, md4 or md5, they all need to obtain a random length of information and generate a 128-bit information digest.
Cryptographic hash functions map binary strings of arbitrary length into small binary strings of fixed length. Cryptographic hash functions have the property that it is computationally impossible to find two different inputs that hash to the same value; that is, the hash values ??of two sets of data will only be found if the corresponding data also match match. A small change in the data can produce an unpredictable large number of changes in the hash value. So it is difficult for you to find clues from the encrypted text.
The full name of SHA1 is Secure Hash Algorithm (Secure Hash Algorithm)
The hash value size of the MD5 algorithm is 128 bits. The hash value size of the SHA1 algorithm is 160 bits. Both algorithms are irreversible.
Although at the International Cryptozoology Conference (Crypto'2004) in Santa Barbara, California, on August 17, 2004, Professor Wang Xiaoyun from Shandong University in China made a breakthrough in deciphering MD5, HAVAL-128, MD4 and The RIPEMD algorithm report announced the cracking results of the MD series algorithms. It was announced that the fortress of MD5, the world's most impregnable cryptographic standard, collapsed, triggering an uproar in the cryptography community. But I think this level of encryption security is enough for us to make ordinary software.
What we usually use the most is to encrypt user passwords and store the encrypted passwords in the database. When comparing passwords, we encrypt the password entered by the user and then compare it with the password in the database. text for comparison. As for how the encryption algorithm is implemented in the ASP.net class, we don't need to care about this, just know how to use it.
The following are several encryption methods in ASP.NET. There are two encryption algorithms, namely MD5 and SHA1 mentioned above. The example I give here is MD5. SHA1 is roughly the same, but the classes used are different.
MD5 related classes:
The code is as follows:
System.Security.Cryptography.MD5
System.Security.Cryptography.MD5CryptoServiceProvider( )
System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(strSource, "MD5")
SHA1 related classes:
The code is as follows:
< p>System.Security.Cryptography.SHA1System.Security.Cryptography.SHA1CryptoServiceProvider()
System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(strSource, "SHA1")
p>The method is as follows: (using vs2005)
The code is as follows:
/**////
/// Method 1: Create an object by using the new operator
///
/// Plain text that needs to be encrypted
///
public string Get_MD5_Method1(string strSource )
{
//new
System.Security.Cryptography.MD5 md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
//Get the ciphertext byte array
byte[] bytResult = md5.ComputeHash(System.Text.Encoding.Default.GetBytes(strSource));
//Conversion into a string, and take 9 to 25 bits
string strResult = BitConverter.ToString(bytResult, 4, 8);
//Convert to a string, 32 bits
//string strResult = BitConverter.ToString(bytResult);
//The string converted by BitConverter will generate a delimiter in the middle of each character, which needs to be removed
< p>strResult = strResult.Replace("-", "");return strResult;
}
/**////
/// Method 2: Create an object that implements a specific encryption algorithm by calling the Create method on the abstract class of a specific encryption algorithm.
///
/// Plain text to be encrypted
///
public string Get_MD5_Method2(string strSource)
{
string strResult = "";
//Create
System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create();
//Note encoding UTF8, UTF7, Unicode and other options
byte[] bytResult = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(strSource));
//The byte type array is converted to String
for (int i = 0; i < bytResult.Length; i++)
{
//Hexadecimal conversion
< p>strResult = strResult + bytResult[i].ToString("X");}
return strResult;
}
/**////
/// Method 3: Generate directly using HashPasswordForStoringInConfigFile
///
/ // Plain text that needs to be encrypted
///
public string Get_MD5_Method3 (string strSource)
{
return System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(strSource, "MD5");
}
< p>These encryption functions are all executed on the server side. That is to say, when the user enters the password and transmits it from the client to the server, the user's password is not protected in any way and is very dangerous. The bank's approach is to install ActiveX controls on the client, encrypt some important information on the client, and then send it. I don't know how to do this, and I really hope to learn how to make this kind of ActiveX control.