Sha256Hash+salt Encryption

1. Contrast

  1. 无加密库


2. After encryption 这里写图片描述

2. Simple understanding of encryption types

Common encryption algorithm classification

Symmetric encryption algorithms: DES, 3DES, DESX, Blowfish, IDEA, RC4, RC5, RC6, and AES

asymmetric encryption algorithms: RSA, ECC (for mobile devices), Diffie-Hellman, El Gamal, DSA (digital signature) Use)

Hash algorithm: MD2, MD4, MD5, HAVAL, SHA, SHA-1, HMAC, HMAC-MD5, HMAC-SHA1

In short, asymmetric encryption is irreversible

SHA256 encryption Secure Hash Algorithm (SHA)

3. Why add salt to salt?

salt: is a string of random strings, used to splicing with user passwords, running encryption algorithms, 不重复的Encrypted password.

cite a possible example of repetition. Although the asymmetry algorithm is irreversible, But 茫茫人海


碰巧张三和李四's passwords are 123456

After the same SHA256 encryption algorithm, the passwords after encryption are the same


那I can make a table

原密码 The password
123456 502ea227f3c100a04edc2bddcea2e540da5d9c9ee4e38b2e50e3da76cc3d72f4
abcd a9d497a3e2ec3967272940724bc9d3165f8a0adac42efcb94234e04bd23b35bd
…… ……

after Sha256 encryption will cause the birth of the rainbow table

彩虹表 is a cryptographic hash The pre-computed table of the inverse function of the function is prepared for cracking the hash value of the password (or hash value, thumbnail, digest, fingerprint, hash ciphertext). The mainstream mainstream rainbow watches are all above 100G. Such tables are often used to recover fixed-length plain text passwords consisting of finite set characters. This is a typical practice of space/time replacement. It is less time-consuming and more storage space than the hash calculation for each attempt, but it has less storage space than the simple way to crack each input hash table. More processing time. This attack can be made difficult by using the KDF function with salt. The rainbow table is the application of the simple algorithm proposed by Martin Herman earlier. [1]

How to prevent rainbow table crack password Answer: Add salt


4. How to verify login


Login failure is not recommended to write clear error message In case of giving clues to hackers