A solution for user authentication using MD5 in Linux
- 2020-05-09 19:41:00
- OfStack
Use the MD5 function in openssl, which returns 16 bytes of data of type unsigned char, each byte ranging from 0 to 255.
The result is formatted as hexadecimal, which gives a 32-character MD5 string. Note: 1 byte is 8 bits, which is exactly 2 hexadecimal digits.
Use the user name of the login client to get the salt value and the hashed password from the Redis database, then hash the password supplied by the login client together with the salt and compare the result with the password stored in the Redis database. If the two are the same, validation succeeds; otherwise validation fails.
Passwords in the Redis database are stored in the form password:salt.
The user verification algorithm is as follows:
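#include <stdio.h>
#include <string.h>
#include <openssl/md5.h>

/* db and get_salt_pw() are defined elsewhere in the program. */
int user_authenticate(char *username, char *password)
{
    char *salt_pw, *salt, *pw;
    char buf[40];
    char tmp[3] = {'\0'}, md5_str[33] = {'\0'};
    unsigned char md[16];
    int i;
    // get_salt_pw calls the Redis database to get password:salt
    salt_pw = get_salt_pw(db, username);
    if (!salt_pw) {
        return 0;
    }
    // strtok modifies salt_pw in place, replacing ':' with '\0'
    pw = strtok(salt_pw, ":");
    if (!pw) {
        return 0;
    }
    salt = strtok(NULL, ":");
    if (!salt) {
        return 0;
    }
    // reject input that would not fit in buf (password + salt + '\0')
    if (strlen(password) + strlen(salt) >= sizeof(buf)) {
        return 0;
    }
    strcpy(buf, password);
    strcat(buf, salt);
    MD5((const unsigned char *)buf, strlen(buf), md);
    // transform to md5 string: two hex digits per byte
    for (i = 0; i < 16; i++) {
        sprintf(tmp, "%02x", md[i]);
        strcat(md5_str, tmp);
    }
    // compare the encoded password with the stored md5 string
    if (strcmp(md5_str, pw)) {
        return 0;
    }
    return 1;
}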
Note the use of the strtok function and the conversion of the 16-byte unsigned char array to a 32-character hexadecimal string.
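The record splitting and hexadecimal comparison noted above, written without strtok, sprintf, strcat or strcmp, as an added example that is not code from the original article. The names split_record and digest_matches are hypothetical, the digest and record in main are constructed samples standing in for MD5(password + salt), and the stored hash is assumed to be lowercase hexadecimal as the article's code produces it.

```c
#include <stdio.h>
#include <string.h>

#define MD5_LEN 16
#define HEX_LEN (2 * MD5_LEN)

/* Split "hash:salt" in place at the first ':' without strtok, which keeps hidden
 * static state and skips empty fields. Accepts only 32 lowercase hex digits,
 * then ':', then a non-empty salt. Returns 1 on success, 0 otherwise. */
int split_record(char *record, char **hash, char **salt)
{
    char *sep = record ? strchr(record, ':') : NULL;
    if (!sep || sep - record != HEX_LEN || sep[1] == '\0')
        return 0;
    if (strspn(record, "0123456789abcdef") != (size_t)HEX_LEN)
        return 0;
    *sep = '\0';
    *hash = record;
    *salt = sep + 1;
    return 1;
}

/* Hex-encode the 16-byte digest by table lookup and compare it with the stored
 * 32-character hash without stopping at the first mismatching character. */
int digest_matches(const unsigned char *md, const char *stored_hex)
{
    static const char digits[] = "0123456789abcdef";
    char hex[HEX_LEN];
    unsigned char diff = 0;
    for (int i = 0; i < MD5_LEN; i++) {
        hex[2 * i] = digits[md[i] >> 4];
        hex[2 * i + 1] = digits[md[i] & 0x0f];
    }
    for (int i = 0; i < HEX_LEN; i++)
        diff |= (unsigned char)(hex[i] ^ stored_hex[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed sample: digest bytes 0x00..0x0f stand in for MD5(password + salt). */
    unsigned char md[MD5_LEN];
    char record[] = "000102030405060708090a0b0c0d0e0f:s4lt", *hash, *salt;
    for (int i = 0; i < MD5_LEN; i++)
        md[i] = (unsigned char)i;
    if (!split_record(record, &hash, &salt))
        return 1;
    printf("salt=%s match=%d\n", salt, digest_matches(md, hash));
    return 0;
}
```

Pass digest_matches only a hash field returned by split_record, since that is what guarantees the stored string is 32 characters long.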