Custom salted MD5 password hashing: code implementation
程序员文章站
2024-03-13 19:15:21
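This is how I salt and hash passwords, based on my own understanding. When a user registers, a salt is generated and saved first, and then the account and password are saved. When the user logs in, we first look up the salt by user name, and then match the salt and password against the corresponding database record. One user name may of course end up with several salts here; this is probably also why many sites use the user name as the unique identifier at registration and do not allow it to be changed, though that also depends on the requirements. If there are several salts, you have to loop over them and compare each one. The scheme this time is mainly my own rewrite of MD5, with the salt added before saving, a double layer of protection, so this should be able to prevent brute-force cracking.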
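Only the main business logic is shown here; the rest of the code is omitted. I used a UUID as the salt, but you can of course define your own and use some other salt value.
Password stored in the database: 3y166d4b4#4=4w2x3j5p2u1n602#2e4747c4aceee805427696846f3a83f880be
Salt stored in the database: 47c4aceee805427696846f3a83f880be
Let's look at the code: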
```java
package demo.dcn.service.utils.security;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Md5Util {

    // Global lookup table: the 38 symbols used to encode each digest byte
    private final static String[] strDigits = { "0", "1", "2", "3", "4", "5",
            "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "h", "g", "i", "j",
            "k", "m", "n", "o", "p", "q", "x", "y", "z", "u", "w", "=", "+", "-",
            "^", "*", "#", "v" };

    public Md5Util() {
    }

    /**
     * Encodes one byte as two symbols (digits and letters) from strDigits.
     * @param bByte the byte to encode
     * @return the two-symbol string
     */
    private static String byteToArrayString(byte bByte) {
        int iRet = bByte;
        // System.out.println("iRet="+iRet);
        if (iRet < 0) {
            iRet += 256; // map the signed byte to 0..255
        }
        int iD1 = iRet / 38;
        int iD2 = iRet % 38;
        return strDigits[iD1] + strDigits[iD2];
    }

    /**
     * Converts a byte array to a string, two symbols per byte
     * (base 38 with the table above, not hexadecimal).
     * @param bByte the bytes to encode
     * @return the encoded string
     */
    private static String byteToString(byte[] bByte) {
        StringBuilder sBuffer = new StringBuilder();
        for (int i = 0; i < bByte.length; i++) {
            sBuffer.append(byteToArrayString(bByte[i]));
        }
        return sBuffer.toString();
    }

    /**
     * Hashes the input with MD5 and returns the custom-encoded digest.
     * @param strObj the string to hash
     * @return the encoded MD5 digest (32 symbols)
     */
    public static String GetMD5Code(String strObj) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            // md.digest() returns the hash value as a byte array
            return byteToString(md.digest(strObj.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException ex) {
            // Fail loudly instead of returning the plain-text input as the "hash"
            throw new IllegalStateException("MD5 is not available", ex);
        }
    }

    public static void main(String[] args) {
        System.out.println(Md5Util.GetMD5Code("0123"));
        System.out.println(Md5Util.GetMD5Code("0123"));
    }
}
```
```java
package demo.dcn.service.impl;

import java.util.List;

import javax.annotation.Resource;

import org.springframework.stereotype.Service;

import demo.dcn.dao.LookerDaoMapper;
import demo.dcn.service.RegisterService;
import demo.dcn.service.utils.security.Md5Util;
import demo.dcn.type.ResultMap;
import demo.dcn.vo.Looker;
import demo.dcn.vo.LookerSalt;

@Service
public class RegisterServiceImpl implements RegisterService {

    @Resource
    private LookerDaoMapper lookerDaoMapper;

    @Override
    public ResultMap lookerRegister(Looker looker) {
        ResultMap resultMap = ResultMap.SUCCESS;
        lookerDaoMapper.lookerRegisterDao(looker);
        return resultMap;
    }

    @Override
    public void lookerSaltRegister(LookerSalt lookerSalt) {
        lookerDaoMapper.lookerSaltReDao(lookerSalt);
    }

    @Override
    public Looker lookerLogin(Looker looker) {
        // The lookup by user name may return several salts
        List<String> salts = lookerDaoMapper.find(looker.getLookerName());
        Looker looker2 = null;
        if (salts != null && salts.size() > 0) {
            String password = looker.getLookerPassword();
            for (String salt : salts) {
                // Candidate stored value: encoded MD5 of the password, followed by the salt
                looker.setLookerPassword(Md5Util.GetMD5Code(password) + salt);
                looker2 = lookerDaoMapper.lookerLogin(looker);
                if (looker2 != null) { // stop as soon as a matching account is found
                    break;
                }
            }
        }
        return looker2;
    }
}
```
```java
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

import demo.dcn.service.RegisterService;
import demo.dcn.service.utils.UuidUtils;
import demo.dcn.service.utils.security.Md5Util;
import demo.dcn.vo.Looker;
import demo.dcn.vo.LookerSalt;

/**
 * Test
 * @author kun.zhang@downjoy.com
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
        "classpath*:config/demo-spring-context.xml",
        "classpath*:config/demo-spring-datasource.xml",
        "classpath*:config/demo-spring-redis.xml",
        "classpath*:config/demo-sql-config.xml" })
public class test {

    @Autowired
    private RegisterService registerService;

    @Test
    public void testRegist() {
        // Save the salt for the user name first
        LookerSalt lookerSalt = new LookerSalt();
        String uuid = UuidUtils.getuuid();
        lookerSalt.setLookerName("张三");
        lookerSalt.setUuid(uuid);
        registerService.lookerSaltRegister(lookerSalt);

        // Then save the account with the hashed password
        Looker looker = new Looker();
        looker.setLookerName("张三");
        looker.setLookerLevel(1);
        looker.setLoginStatus(0);
        looker.setLookerPassword(Md5Util.GetMD5Code("adcv0123fsac") + uuid); // hash, then append the salt
        registerService.lookerRegister(looker);
        System.out.println("a");
    }

    @Test
    public void testLogin() {
        Looker looker = new Looker();
        looker.setLookerName("张三");
        looker.setLookerPassword("adcv0123fsac");
        Looker looker2 = registerService.lookerLogin(looker);
        if (looker2 != null) {
            System.out.println("登录成功");
            System.out.println(looker2);
        } else {
            System.out.println("登录失败");
        }
    }
}
```
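Added example, not the author's code: in `testRegist` and `lookerLogin` the salt is appended after `GetMD5Code(password)` rather than hashed together with the password, so the first 32 characters of the stored value depend only on the password. The sketch below reproduces that with the page's 38-symbol alphabet and contrasts it with the JDK's PBKDF2, where the salt is an input to the derivation; the class name, the hyphen-stripped UUID salt and the iteration count are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.UUID;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltPlacementDemo { // hypothetical class name
    // Same 38 symbols, in the same order, as the page's strDigits array.
    static final String DIGITS = "0123456789abcdefhgijkmnopqxyzuw=+-^*#v";

    // The page's scheme: encode(MD5(password)) followed by the salt.
    static String pageScheme(String password, String salt) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) {
            int v = b & 0xff;
            sb.append(DIGITS.charAt(v / 38)).append(DIGITS.charAt(v % 38));
        }
        return sb.append(salt).toString();
    }

    // Alternative: the salt is mixed into a deliberately slow key-derivation function.
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    static boolean verify(char[] password, byte[] salt, int iterations, byte[] stored) throws Exception {
        return MessageDigest.isEqual(pbkdf2(password, salt, iterations), stored); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        String pw = "adcv0123fsac"; // test password used on the page
        // Assumption: UuidUtils.getuuid() yields a UUID without hyphens (the page's salt is 32 hex chars).
        String a = pageScheme(pw, UUID.randomUUID().toString().replace("-", ""));
        String b = pageScheme(pw, UUID.randomUUID().toString().replace("-", ""));
        System.out.println(a + "\n" + b);
        System.out.println("same first 32 chars: " + a.substring(0, 32).equals(b.substring(0, 32)));

        SecureRandom rng = new SecureRandom();
        byte[] s1 = new byte[16], s2 = new byte[16];
        rng.nextBytes(s1);
        rng.nextBytes(s2);
        int iterations = 600_000; // assumed work factor; tune for your hardware
        byte[] h1 = pbkdf2(pw.toCharArray(), s1, iterations);
        byte[] h2 = pbkdf2(pw.toCharArray(), s2, iterations);
        System.out.println("PBKDF2 outputs equal: " + MessageDigest.isEqual(h1, h2));
        System.out.println("verify correct password: " + verify(pw.toCharArray(), s1, iterations, h1));
    }
}
```

With the salt stored per user next to the derived key, login needs one lookup and one comparison instead of a loop over candidate salts.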