什么是加盐
为了加强MD5的安全性而在算法中加入的新部分就是盐值(加盐)。盐值是随机生成的一组字符串,可以包括随机的大小写字母、数字、字符,位数可以根据要求而不同。盐值在计算散列之前与原文组合,所以即使原文相同,使用不同的盐值产生的最终密文也是不一样的。
前端
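/**
 * Build a random string of digits and ASCII letters.
 *
 * Math.random() is not a cryptographically secure generator. On this page the
 * result is only used as padding around the request parameter; do not reuse
 * this helper for tokens, keys or password salts (crypto.getRandomValues is
 * the appropriate source for those).
 *
 * @param {number} n - Length of the string to generate.
 * @returns {string} A string of n characters drawn from 0-9, A-Z and a-z.
 */
generateMixed(n) {
  // Same 62-character alphabet, in the same order, as the original array.
  const chars = "0123456789AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";
  let res = "";
  for (let i = 0; i < n; i++) {
    // Math.floor keeps the index within 0..61. The earlier
    // Math.ceil(Math.random() * 62) could produce 62, which is past the end of
    // the alphabet and appended the text "undefined", and it almost never
    // produced 0.
    const id = Math.floor(Math.random() * chars.length);
    res += chars[id];
  }
  return res;
};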
// Serialize the login fields to JSON, Base64-encode the JSON, and wrap the
// result in 6 random characters on each side.
// NOTE(review): the two random strings are not mixed into the MD5 digest, and
// the back end on this page simply cuts them off again. Base64 is a reversible
// encoding, so this wrapping only obscures the parameter; confidentiality in
// transit has to come from HTTPS.
// NOTE(review): pwd is an unsalted MD5 of the password computed in the browser,
// so the digest itself acts as the credential. The server should still apply a
// per-user salted, slow password hash before storing or comparing it.
const leadingPad = this.generateMixed(6);
const trailingPad = this.generateMixed(6);
const loginData = {
  loginName: this.loginForm.username,
  pwd: this.$md5(this.loginForm.password),
  imageCode: this.loginForm.imageCode,
  codeId: vcodeId,
  type: '2',
};
const loginJson = JSON.stringify(loginData);
const encodedLogin = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(loginJson));
const param = `${leadingPad}${encodedLogin}${trailingPad}`;
ywLogin({ formdata: param })
  .then((res) => {
    // Handle a successful login here.
  })
  .catch((err) => {
    console.log(err);
  });
后端
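/**
 * Handles a login request whose fields arrive wrapped in the "formdata" parameter.
 *
 * The client sends 6 padding characters, then Base64-encoded JSON, then 6 more
 * padding characters. The padding and the Base64 layer only obscure the
 * payload; they are not encryption, so the request still needs HTTPS.
 *
 * @param params request body; must contain "formdata"
 * @param req    the servlet request (not used in the lines shown here)
 * @throws IllegalArgumentException if "formdata" is missing or shorter than the two padding strings
 * @throws NumberFormatException    if the decoded "type" field is missing or not an integer
 */
public void login(@RequestBody Map<String,String> params, HttpServletRequest req) {
    // Read the wrapped payload.
    String formData = params.get("formdata");
    // This value is client-controlled: reject it before substring() can fail
    // with a NullPointerException or StringIndexOutOfBoundsException.
    if (formData == null || formData.length() < 12) {
        throw new IllegalArgumentException("formdata is missing or too short");
    }
    // Strip the 6-character padding from each end.
    formData = formData.substring(6, formData.length() - 6);
    byte[] bytes = Base64.decodeBase64(formData);
    // The client encodes the JSON as UTF-8, so decode with UTF-8 explicitly
    // rather than the platform default charset.
    String param = new String(bytes, java.nio.charset.StandardCharsets.UTF_8);
    // NOTE(review): the JSON library is not shown on this page. Confirm that
    // parsing untrusted input with it cannot instantiate arbitrary types, and
    // that every value really is a String; this cast is unchecked.
    Map<String, String> parse = (Map<String, String>) JSON.parse(param);
    AuthLoginDto user = new AuthLoginDto();
    user.setLoginName(parse.get("loginName"));
    // pwd is the client-side MD5 of the password (see the front-end snippet on
    // this page), so the digest is effectively the credential. How it is stored
    // and compared is not shown here; use a per-user salted, slow password hash.
    user.setPwd(parse.get("pwd"));
    user.setCodeId(parse.get("codeId"));
    user.setImageCode(parse.get("imageCode"));
    user.setType(Integer.parseInt(parse.get("type")));
    // Perform the login here.
}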
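以上只是简单地在参数字符串前后加盐,也可以根据自己的方式使用更复杂的加盐方式。需要注意:这里前后的随机串在服务端被直接截掉,并没有参与MD5计算,而Base64只是可逆的编码,因此这种做法只能起到混淆参数的作用;传输过程的保密仍要依靠HTTPS,口令的存储仍要依靠服务端按用户加盐的慢散列。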