### 1. Contrast

- 无加密库

2. After encryption

### 2. Simple understanding of encryption types

Common encryption algorithm classification

Symmetric encryption algorithms: DES, 3DES, DESX, Blowfish, IDEA, RC4, RC5, RC6, and AES

asymmetric encryption algorithms: RSA, ECC (for mobile devices), Diffie-Hellman, El Gamal, DSA (digital signature) Use)

Hash algorithm: MD2, MD4, MD5, HAVAL, SHA, SHA-1, HMAC, HMAC-MD5, HMAC-SHA1

** In short, asymmetric encryption is irreversible **

SHA256 encryption Secure Hash Algorithm (SHA)

### 3. Why add salt to salt?

salt: is a string of random strings, used to splicing with user passwords, running encryption algorithms, 不重复的Encrypted password.

cite a possible example of repetition. Although the asymmetry algorithm is irreversible, But 茫茫人海

碰巧张三和李四's passwords are 123456

After the same SHA256 encryption algorithm, the passwords after encryption are the same

细思极恐怖

那I can make a table

原密码 | The password |
---|---|

123456 | 502ea227f3c100a04edc2bddcea2e540da5d9c9ee4e38b2e50e3da76cc3d72f4 |

abcd | a9d497a3e2ec3967272940724bc9d3165f8a0adac42efcb94234e04bd23b35bd |

…… | …… |

after Sha256 encryption will cause the birth of the rainbow table

**彩虹表** is a cryptographic hash The pre-computed table of the inverse function of the function is prepared for cracking the hash value of the password (or hash value, thumbnail, digest, fingerprint, hash ciphertext). The mainstream mainstream rainbow watches are all above 100G. Such tables are often used to recover fixed-length plain text passwords consisting of finite set characters. This is a typical practice of space/time replacement. It is less time-consuming and more storage space than the hash calculation for each attempt, but it has less storage space than the simple way to crack each input hash table. More processing time. This attack can be made difficult by using the KDF function with salt. The rainbow table is the application of the simple algorithm proposed by Martin Herman earlier. [1]

How to prevent rainbow table crack password Answer: Add salt

### 4. How to verify login

Login failure is not recommended to write clear error message In case of giving clues to hackers