Is it safe to use the MD5 encrypted string to store the password?Hash algorithm you have to know

What is Hash?

Hash, generally translated as hash, hash, transliterated as hash.Hash refers to converting an input of any length into a fixed-length output through the Hash algorithm, and the output is the hash value.It is irreversible, and the original value cannot be calculated from the resulting value.The whole process of the Hash algorithm is the process of mapping the original value space of arbitrary length into the value space of fixed length.

The mapping rule is the corresponding Hash algorithm, and the binary string after mapping the original data is the hash value.Both MD5 and SHA, which are often used in development, are long-established Hash algorithms.

Hash algorithm

Common hash algorithms are MD5 and SHA; SHA includes SHA-1 and SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512) and SHA-3.

MD5 is an algorithm that inputs variable length information and outputs fixed length 128-bits.After the program flow, four 32-bit data are generated and finally combined into a 128-bits hash.The basic method is to calculate the remainder, take the remainder, adjust the length, and perform a loop operation with the link variable.come to conclusion.

SHA-1 is widely used in many security protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec, and was once considered an alternative to MD5 (an earlier widely used hash function)Successor.

SHA-2 is still basically similar in algorithm to SHA-1; therefore some people have started to develop other alternative hashing algorithms.

Application of Hash algorithm in daily life

In daily work, the application scenarios that technical developers often encounter are information encryption, data verification, digital signature, etc. The following is a brief introduction to these three applications.

1. Information encryption

First we look at the application of information encryption.Passwords are inseparable from our lives, and are also very private information for users. The simplest protection measure is to encrypt passwords with Hash.Perform Hash operation on the password entered by the user on the client side, and then save the hash value of the user password in the database on the server side, so even if the user is stolen, it is difficult to get the plaintext password all at once.Seeing this, some friends may think, so can we ensure security by performing MD5 encryption on the password entered by the user?In this way, even if a malicious user knows the Hash value, there is no way to obtain the user's real password.

Let's assume that the user's password is "12345678", and the value obtained after one MD5 is: "25d55ad283aa400af464c76d713c07ad", then is it safe to use this encrypted string to store the password? EveryoneYou can come and learn about this website: https://md5.cn/

The relevant introduction about the site is as follows:

md5.cn conducts reverse query for the encryption algorithms that are commonly used in the world, such as md5 and sha1, and creates a query database corresponding to plaintext and ciphertext by means of exhaustive character combination. The created records are about tens of trillions.The success rate is over 90%.

So, for this password encryption problem, our general solution is to "salt", that is, salt, which uses special characters (salt) and user input to form a new string for encryption.In this way, the complexity of the reverse query is increased.

Friends who need to know can go to this site to see: https://md5.cn/

2. Data verification

The check algorithms we are more familiar with include parity check and CRC check. These two kinds of checks do not have the ability to resist data tampering. They can detect and correct channel errors in transmitted data to a certain extent, butMalicious destruction of data cannot be prevented.

The "digital fingerprint" feature of the MD5 Hash algorithm makes it the most widely used file integrity check algorithm. Many Unix systems provide commands for calculating md5 checksum.

3. Digital signature

Hash algorithm is also an important part of modern password system.Because the operation speed of asymmetric algorithms is relatively slow, one-way hash functions play an important role in digital signature protocols.Digitally signing a hash value, also known as a "digital digest", is statistically equivalent to digitally signing the file itself.And this protocol has other advantages.

In addition, Hash can be used for: hash function words, load balancing, data sharding, distributed storage, etc.