Category: Computer/Network>> Software
Analysis:
The full name of MD5 is Message-Digest Algorithm 5, which was developed by the Computer Science Department of MIT in the early 1990s. Labs and RSA Data Security Inc. Invented and developed from MD2, MD3 and MD4.
Message-Digest generally refers to the Hash transformation of a byte string (Message), which is to transform a byte string of any length into a large integer of a certain length. Please note that I use the word "byte string" instead of "string" because this transformation only has to do with the byte value, not the character set or encoding.
MD5 converts a "byte string" of any length into a 128-bit large integer, and it is an irreversible string conversion algorithm. In other words, even if you see the source program and algorithm description , it is also impossible to convert an MD5 value back to the original string. From a mathematical point of view, it is because there are infinitely many original strings. This is a bit like a mathematical function that does not have an inverse function.
A typical application of MD5 is to generate a fingerprint on a Message (byte string) to prevent it from being "tampered with." For example, you write a paragraph in a file called readme.txt, and generate an MD5 value for this readme.txt and record it. Then you can spread this file to others. If others modify the file Any content, you will find it when you recalculate the MD5 of this file. If there is a third-party certification agency, using MD5 can also prevent "repudiation" of the file author. This is the so-called digital signature application.
MD5 is also widely used in encryption and decryption technology. In many operating systems, the user's password is saved in the form of MD5 value (or other similar algorithms). When the user logs in, the system is Calculate the password entered by the user into an MD5 value, and then compare it with the MD5 value saved in the system, but the system does not "know" what the user's password is.
The method some hackers use to crack such passwords is a method called "dictionary running." There are two ways to obtain a dictionary. One is a daily collection of string tables used as passwords, and the other is generated using a permutation and combination method. First, use the MD5 program to calculate the MD5 values ??of these dictionary items, and then use the target's MD5 values ??are searched in this dictionary.
Even assuming that the maximum length of the password is 8, and the password can only be letters and numbers, ***26+26+10=62 characters, the number of items in the dictionary formed by permutation is P( 62,1)+P(62,2)....+P(62,8), that is already an astronomical number. Storing this dictionary requires a terabyte-level disk group, and this method is also There is a premise, that is, the MD5 value of the password of the target account can be obtained.
In many e-commerce and community applications, managing users' Accounts is the most commonly used basic function. Although many Application Servers provide these basic components, many application developers in order to manage larger Flexibility still prefers to use a relational database to manage users. The lazy approach is that user passwords are often stored directly in the database in plain text or after simple transformations. Therefore, the passwords of these users are of no concern to software developers or system administrators. There is no confidentiality at all. The purpose of this article is to introduce the implementation of MD5 Java Bean and give an example of using MD5 to process the user's Account password. This method makes it impossible for administrators and programmers to see the user's password. They can initialize them.
But the important point is to protect users’ password setting habits