自定义MD5加盐加密方式代码实现 博客分类: java随笔 Securityjava
程序员文章站
2024-03-13 19:15:21
...
按照自己的理解对密码加盐加密。当用户注册时候会先生成盐值,保存,然后保存账户和密码。当用户去登录的时候,我们需要先通过我们的用户名去查询我们的盐值,然后再根据盐值和密码去匹配对应的数据库。当然这里可能出现一个用户名有多个盐值的问题,这可能也是很多网站注册利用用户名去唯一识别,当然也跟需求有关,不能修改用户名.。如果是多个的就需要循环去比对.这次加密,主要讲MD5自己改写 然后加上盐值去保存,双重保密,这样应该可以防止暴力破解了吧。
来看代码吧:
这里写了主要逻辑业务代码,其他代码就不写了,盐值自己用了uuid 当然也可以自己定义,用其他盐值。
数据库保存的密码:3y166d4b4#4=4w2x3j5p2u1n602#2e4747c4aceee805427696846f3a83f880be
数据库的盐值:47c4aceee805427696846f3a83f880be
来看代码吧:
package demo.dcn.service.utils.security;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class Md5Util {
// 全局数组
private final static String[] strDigits = { "0", "1", "2", "3", "4", "5",
"6", "7", "8", "9", "a", "b", "c", "d", "e", "f","h","g","i","j","k","m","n","o",
"p","q","x","y","z","u","w","=","+","-","^","*","#","v"};
public Md5Util() {
}
/**
* 返回形式为数字跟字符串
* @param bByte
* @return
*/
private static String byteToArrayString(byte bByte) {
int iRet = bByte;
// System.out.println("iRet="+iRet);
if (iRet < 0) {
iRet += 256;
}
int iD1 = iRet / 38;
int iD2 = iRet % 38;
return strDigits[iD1] + strDigits[iD2];
}
/**
* 转换字节数组为16进制字串
* @param bByte
* @return
*/
private static String byteToString(byte[] bByte) {
StringBuffer sBuffer = new StringBuffer();
for (int i = 0; i < bByte.length; i++) {
sBuffer.append(byteToArrayString(bByte[i]));
}
return sBuffer.toString();
}
/**
* HASH加密
* @param strObj
* @return
*/
public static String GetMD5Code(String strObj) {
String resultString = null;
try {
resultString = new String(strObj);
MessageDigest md = MessageDigest.getInstance("MD5");
// md.digest() 该函数返回值为存放哈希值结果的byte数组
resultString = byteToString(md.digest(strObj.getBytes()));
} catch (NoSuchAlgorithmException ex) {
ex.printStackTrace();
}
return resultString;
}
public static void main(String[] args) {
Md5Util getMD5 = new Md5Util();
System.out.println(getMD5.GetMD5Code("0123"));
System.out.println(getMD5.GetMD5Code("0123"));
}
}
package demo.dcn.service.impl;
import java.util.List;
import javax.annotation.Resource;
import org.springframework.stereotype.Service;
import demo.dcn.dao.LookerDaoMapper;
import demo.dcn.service.RegisterService;
import demo.dcn.service.utils.security.Md5Util;
import demo.dcn.type.ResultMap;
import demo.dcn.vo.Looker;
import demo.dcn.vo.LookerSalt;
@Service
public class RegisterServiceImpl implements RegisterService {
@Resource
private LookerDaoMapper lookerDaoMapper;
@Override
public ResultMap lookerRegister(Looker looker) {
ResultMap resultMap = ResultMap.SUCCESS;
lookerDaoMapper.lookerRegisterDao(looker);
return resultMap;
}
@Override
public void lookerSaltRegister(LookerSalt lookerSalt) {
lookerDaoMapper.lookerSaltReDao(lookerSalt);
}
@Override
public Looker lookerLogin(Looker looker) {
List<String> salts = lookerDaoMapper.find(looker.getLookerName());//可能查询多个盐值
Looker looker2 = null;
if(salts!=null&&salts.size()>0){
String password = looker.getLookerPassword();
for (String salt : salts) {
looker.setLookerPassword(Md5Util.GetMD5Code(password)+salt);
looker2 = lookerDaoMapper.lookerLogin(looker);
if(looker2!=null){//如果匹配到对应的帐号就返回
break;
}
}
}
return looker2;
}
}
import javax.annotation.Resource;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import demo.dcn.service.RegisterService;
import demo.dcn.service.utils.UuidUtils;
import demo.dcn.service.utils.security.Md5Util;
import demo.dcn.vo.Looker;
import demo.dcn.vo.LookerSalt;
/**
* 测试
* @author kun.zhang@downjoy.com
*
*
*/
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations={
"classpath*:config/demo-spring-context.xml",
"classpath*:config/demo-spring-datasource.xml",
"classpath*:config/demo-spring-redis.xml",
"classpath*:config/demo-sql-config.xml"
})
public class test {
@Autowired
private RegisterService registerService;
@Test
public void testRegist(){
LookerSalt lookerSalt = new LookerSalt();
String uuid = UuidUtils.getuuid();
lookerSalt.setLookerName("张三");
lookerSalt.setUuid(uuid);
registerService.lookerSaltRegister(lookerSalt);
Looker looker = new Looker();
looker.setLookerName("张三");
looker.setLookerLevel(1);
looker.setLoginStatus(0);
looker.setLookerPassword(Md5Util.GetMD5Code("adcv0123fsac")+uuid);//加密
registerService.lookerRegister(looker);
System.out.println("a");
}
@Test
public void testLogin(){
Looker looker = new Looker();
looker.setLookerName("张三");
looker.setLookerPassword("adcv0123fsac");
Looker looker2= registerService.lookerLogin(looker);
if(looker2!=null){
System.out.println("登录成功");
looker2.toString();
}else{
System.out.println("登录失败");
}
}
这里写了主要逻辑业务代码,其他代码就不写了,盐值自己用了uuid 当然也可以自己定义,用其他盐值。
数据库保存的密码:3y166d4b4#4=4w2x3j5p2u1n602#2e4747c4aceee805427696846f3a83f880be
数据库的盐值:47c4aceee805427696846f3a83f880be