Home > Article > Backend Development > PHP user password encryption algorithm analysis
PHP user password encryption algorithm analysis
- 怪我咯Original
- 2018-05-28 11:50:313432browse
Common encryption algorithms can be divided into three categories, symmetric encryption algorithms, asymmetric encryption algorithms and Hash algorithms.
Symmetric encryption
refers to an encryption algorithm that uses the same key for encryption and decryption. The advantages of symmetric encryption algorithms lie in the high speed of encryption and decryption and the difficulty in cracking when using long keys. Assuming that two users need to use symmetric encryption method to encrypt and then exchange data, the users need at least 2 keys and exchange them. If there are n users in the enterprise, the entire enterprise will need a total of n×(n-1) keys. The generation and distribution of keys will become a nightmare for enterprise information departments. The security of the symmetric encryption algorithm depends on the storage of the encryption key, but it is impossible to require everyone in the enterprise who holds the key to keep the secret secret. They usually secrete the key intentionally or unintentionally. Leakage - If the key used by a user is obtained by an intruder, the intruder can read all the documents encrypted by the user's key. If the entire enterprise shares an encryption key, the confidentiality of the entire enterprise's documents will be lost. Talk about.
Common symmetric encryption algorithms: DES, 3DES, DESX, Blowfish, IDEA, RC4, RC5, RC6 and AES
This article mainly introduces the PHP user password encryption algorithm, which is more detailed The principle of the Discuz encryption algorithm is analyzed, and the implementation method of the .net algorithm is compared with the example form, and the process and implementation method of user encryption in PHP are summarized. Friends in need can refer to the password of
Discuz The encryption algorithm is actually two MD5 encryptions. First, encrypt with plain text, then randomly generate a salt, and then add salt after the first cipher text as plain text and perform MD5 encryption again. The salt is stored in the uc_members table and can be obtained by user name.
Like this:
MD5(MD5(plaintext)+salt)
The following is the implementation code of .net:
string GetDiscuzPWString(string sourceStr, string salt)
{
return GetMd5Hash(string.Concat(GetMd5Hash(sourceStr),salt));
}
string GetMd5Hash(string input)
{
MD5 md5Hasher = MD5.Create();
byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
StringBuilder sBuilder = new StringBuilder();
for (int i = 0; i < data.Length; i++)
{
sBuilder.Append(data[i].ToString("x2"));
}
return sBuilder.ToString();
}Summary of the password judgment method:
① To installUC
② Open the database and find the uc_members table, and look for the last A field "salt", copy the value inside
③ Pseudo code:
$s=md5(md5("密码")."salt字段的值");
echo $s;④ Use IF to judge
⑤ Say it again! That random number is 6 digits!
The above is the detailed content of PHP user password encryption algorithm analysis. For more information, please follow other related articles on the PHP Chinese website!