Several encryption methods for MD5 and SHA1 in ASP.NET
- 2020-05-09 18:27:32
- OfStack
The full name of MD5 is Message-Digest Algorithm 5 (information-summarization algorithm), developed in the early 1990s by Mit Laboratory for Computer Science and Rsa data security inc Ronald l. rivest was developed by md2, md3 and md4. Its purpose is to "compress" a large amount of information into a secret format (that is, to convert a byte string of any length into a large integer of a fixed length) before signing the private key with digital signature software. Whether it is md2, md4 or md5, they all need to obtain a random length of information and produce a 128-bit summary of the information.
The encryption hash function maps a binary string of arbitrary length to a small binary string of fixed length. The cryptographic hash function has the property that it is computationally unlikely to find two different inputs to the same hash value; That is, the hash values of the two sets of data will match only if the corresponding data also matches. A small change in the data can cause an unpredictable amount of change in the hash value. So it's very difficult to find any clues in the encrypted text.
The full name for SHA1 is Secure Hash Algorithm(secure hash algorithm)
The hash size of the MD5 algorithm is 128 bits. The hash size of SHA1 is 160 bits. Both algorithms are irreversible.
On August 17, 2004, at the international conference on cryptography (Crypto '2004) in Santa Barbara, California, us, professor wang xiaoyun from shandong university, China, made a report on the decoding of MD5, HAVAL-128, MD4 and RIPEMD algorithms, and published the cracking results of MD series algorithms. The collapse of MD5, the world's unbreakable standard for cryptography, caused a stir in the world of cryptography. But I think it's safe enough for us to do normal software.
We usually use the most is nothing more than to encrypt the user password, the password stored in the database, password comparison, the user input password encryption, and then compared with the ciphertext in the database. As for how the ASP.net class implements the encryption algorithm, we don't need to worry about that, we just need to know how to use it.
Below are several encryption methods in ASP.NET. There are two kinds of encryption algorithms, namely MD5 and SHA1 mentioned above. The example I give here takes MD5 as an example,SHA1 is roughly the same, but the class used is not the same.
MD5 related classes:
SHA1 related classes:
The method is as follows :(vs2005)
These encryption functions are executed on the server side, that is, when the user enters the password and transmits it from the client side to the server side, the user's password is not protected and is very dangerous. The bank's practice is to install the ActiveX control on the client side, and encrypt some important information on the client side before sending it. This even will not pull, I hope to learn to learn to do this ActiveX control.
The encryption hash function maps a binary string of arbitrary length to a small binary string of fixed length. The cryptographic hash function has the property that it is computationally unlikely to find two different inputs to the same hash value; That is, the hash values of the two sets of data will match only if the corresponding data also matches. A small change in the data can cause an unpredictable amount of change in the hash value. So it's very difficult to find any clues in the encrypted text.
The full name for SHA1 is Secure Hash Algorithm(secure hash algorithm)
The hash size of the MD5 algorithm is 128 bits. The hash size of SHA1 is 160 bits. Both algorithms are irreversible.
On August 17, 2004, at the international conference on cryptography (Crypto '2004) in Santa Barbara, California, us, professor wang xiaoyun from shandong university, China, made a report on the decoding of MD5, HAVAL-128, MD4 and RIPEMD algorithms, and published the cracking results of MD series algorithms. The collapse of MD5, the world's unbreakable standard for cryptography, caused a stir in the world of cryptography. But I think it's safe enough for us to do normal software.
We usually use the most is nothing more than to encrypt the user password, the password stored in the database, password comparison, the user input password encryption, and then compared with the ciphertext in the database. As for how the ASP.net class implements the encryption algorithm, we don't need to worry about that, we just need to know how to use it.
Below are several encryption methods in ASP.NET. There are two kinds of encryption algorithms, namely MD5 and SHA1 mentioned above. The example I give here takes MD5 as an example,SHA1 is roughly the same, but the class used is not the same.
MD5 related classes:
System.Security.Cryptography.MD5
System.Security.Cryptography.MD5CryptoServiceProvider()
System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(strSource, "MD5")
SHA1 related classes:
System.Security.Cryptography.SHA1
System.Security.Cryptography.SHA1CryptoServiceProvider()
System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(strSource, "SHA1")
The method is as follows :(vs2005)
/**//// <summary>
/// methods 1: Through the use of new Operator to create an object
/// </summary>
/// <param name="strSource"> Plaintext that needs to be encrypted </param>
/// <returns> return 16 Bit encryption results, the result is taken 32 Bit to encrypt the th of the result 9 A to 25 position </returns>
public string Get_MD5_Method1(string strSource)
{
//new
System.Security.Cryptography.MD5 md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
// Gets an array of ciphertext bytes
byte[] bytResult = md5.ComputeHash(System.Text.Encoding.Default.GetBytes(strSource));
// Convert to a string and fetch 9 to 25 position
string strResult = BitConverter.ToString(bytResult, 4, 8);
// Convert to a string, 32 position
//string strResult = BitConverter.ToString(bytResult);
//BitConverter The converted string is generated in the middle of each character 1 I need to get rid of it
strResult = strResult.Replace("-", "");
return strResult;
}
/**//// <summary>
/// methods 2: By calling an abstract class on a particular encryption algorithm Create Method to create an object that implements a particular encryption algorithm.
/// </summary>
/// <param name="strSource"> Plaintext that needs to be encrypted </param>
/// <returns> return 32 Bit encryption result </returns>
public string Get_MD5_Method2(string strSource)
{
string strResult = "";
//Create
System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create();
// Pay attention to the code UTF8 , UTF7 , Unicode Such as the choice of
byte[] bytResult = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(strSource));
// An array of byte types is converted to a string
for (int i = 0; i < bytResult.Length; i++)
{
//16 Hexadecimal conversion
strResult = strResult + bytResult[i].ToString("X");
}
return strResult;
}
/**//// <summary>
/// methods 3: Direct use of HashPasswordForStoringInConfigFile generate
/// </summary>
/// <param name="strSource"> Plaintext that needs to be encrypted </param>
/// <returns> return 32 Bit encryption result </returns>
public string Get_MD5_Method3(string strSource)
{
return System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(strSource, "MD5");
}
These encryption functions are executed on the server side, that is, when the user enters the password and transmits it from the client side to the server side, the user's password is not protected and is very dangerous. The bank's practice is to install the ActiveX control on the client side, and encrypt some important information on the client side before sending it. This even will not pull, I hope to learn to learn to do this ActiveX control.