About password encryption md5 And salt treatment

md5 encryption :
When the user registers, the encrypted password is sent to the back-end storage. When logging in ,
Then match the encrypted password with the encrypted password in the database .
This encryption does not require decryption

One .md5 The in vue In the middle of the day :

1. install .

npm install js-md5 -D

2. Use .
（1） Introduced in the project md5 modular .

import md5 from “js-md5”

（2） stay main.js There will be md5 Convert to vue Prototype

import md5 from "js-md5"
Vue.prototype.$md5=md5

3. Example

<input type="number" v-model="value"> 
console.log(" Encrypted password ："+ this.$md5(this.value))

Two .md5 The in react In the middle of the day :

First step ：
npm install js-md5, Install in the root directory of the file , The instructions are as follows

npm install --save js-md5      // Install into production environment 

The second step ：
introduce js-md5
At the project entrance file index.js in introduce js-md5

import md5 from 'js-md5'
 Mount to react On the prototype of 
React.Component.prototype.$md5 = md5

The third step ：
To use... In components

import React, {
     Component } from 'react' 
class friend extends Component {
      
   componentWillMount () {
       
       let str = '123456' 
       let data = this.$md5(str)   
        console.log(data) // e10adc3949ba59abbe56e057f20f883e 
         }  
    render() {
     
       return (  
           <div className="friend"> friend friend </div>   
            )}
      } 
export default friend

III. salt adding treatment

Directly analyze important data MD5 After processing , Reverse decryption is really difficult , But the flaw can still be found , If the user named LiZicheng can view the database , Then he can observe that his password is the same as that of others , that , Others use the same password as themselves , such , You can log in as someone else . So did our previous encryption methods fail to deal with this behavior ？ In fact, just a little confusion can prevent , This is called... In encryption terminology “ Add salt ”. Specifically, in the original material （ User defined password ） Add other ingredients to （ Generally, it is the user's own and constant factor ）, In order to increase the system complexity . When this salt is combined with the user password , Then through the summary processing , You can get more hidden summary values . See code below ：
// Salt and encrypt the password , Encrypt and then pass Hibernate Save... In the database

String changedPswd = DigestUtils.md5Hex(name + pswd);

It's that simple , Salt in the above code is the user name , If you can, you can also use the email when the user registers , Registration time and other non empty information （ If it's empty, the salting process will fail ）. Their actual login passwords are 123456, But you can't see it by looking at user records . Now people with ulterior motives open the database and see completely different passwords , His previous methods have failed .