MD5 encryption algorithm ASP version

Doreen

December 2, 2022 at 3:22 pm

MD5's Java Bean Implementation
MD5 Introduction

md5 is the full name of Message-Digest Algorithm 5. In the early 1990s, MIT computer science laboratories and RSA Data Security Inc were invented. MD4 develops.

message-digest refers to the hash transformation of the byte (Message), which is to transform a heets of an arbitrary length into a large large integer. Please note that I use the word "byte string" instead of the word "string", because this transformation is only related to the value of byte, which has nothing to do with the character set or encoding method.

MD5 transforms the "byte string" of any length into a large integer of 128bit, and it is an irreversible string transformation algorithm. In other words, even if you see the source program and algorithm description It is also impossible to replace the value of a MD5 back to the original string. From the principle of mathematics, it is because the original string has infinite multiple, which is a bit like a mathematical function that does not have anti -functions.

MD5 is a typical application to generate (fingerprint) to a paragraph (byte string) to prevent "tampering". For example, you write a paragraph in a readme.txt file, and generate a value of MD5 in the reaDMe.txt to the case. Then you can spread this file to others. If others modify the file in the file Any content, you will find it when you re -calculate the MD5 for this file. If there is another third -party certification agency, using MD5 can also prevent the author's "dependency", which is the so -called digital signature application.

MD5 is also widely used in encryption and decryption technology. In many operating systems, the user's password is stored in the MD5 value (or other algorithms). When the user login, the system is the system is the system. Calculate the password entered by the user to the MD5 value, and then compare it with the MD5 value saved in the system, and the system does not "know" what the user's password is.

The method of hackers to crack this password is a method called "running dictionary". There are two ways to get a dictionary, one is a string table used for daily collected passwords, and the other is generated by arranging combination methods. First use the MD5 program to calculate the MD5 value of these dictionary items, and then use the target to use the target of the target MD5 value is retrieved in this dictionary.

How to assume the maximum length of the password is 8, the password can only be letters and numbers, a total of 26 26 10 = 62 characters, and the number of dictionaries arranged in the arrangement is P (62 62 , 1) P (62,2)…. P (62,8), that is also a very astronomical number. Storage of this dictionary requires a TB -level disk group, and this method has a premise It is only possible to obtain the password MD5 value of the target account.

In many e -commerce and community applications, management users' accounts are the most commonly used basic functions. Although many Server provides these basic components, many application developers are greater. Flexibility still likes to use a relationship database to manage users. The lazy approach is that the user's password often uses plainte text or simple transformations to be stored directly in the database. There is no confidentiality at all. The purpose of this article is to introduce the implementation of the Java Bean of MD5, and at the same time give an example of using MD5 to process the user's account password. This method makes neither the administrator and program designer see the user's password, although, although the password They can initialize them. But the important point is the protection of user password settings.

Interested readers can get MD5 from here, which is the text of RFC 1321. //java/jw-tips/tip106/index.shtml

The benefits to putting testing and sample code in an internal static class are a good engineering technique and approach.

In Java Bean in JSP

As we described at the beginning of this article, our application of this MD5 Bean is based on a user management. Here we assume that one of them has a one The user LOGIN process of the virtual community, the user's information is stored in the table name of the database. This table has two fields related to this example, userid: char (20) and PWDMD5: char (32). Userid is the Primary Key of this table, PWDMD5 saves the MD5 string of password. The MD5 value is a large integer of 128bit. , To indicate that the hexades of ASCII requires 32 characters.

The two files here. Login is a Form used to receive the user input. Login.jsp is used to simulate the LOGIN process using MD5 Bean.

In order to make our test environment briefly, we used JDK's built-in JDBC-ODBC Bridge Driver in JSP. Community is the name of ODBC DSN. If you use other JDBC Driver, replace it
con =. ("JDBC: ODBC: Community", "", "");
.

login.jsp's working principle is very simple. You receive the userid and passwords entered by the user through the post, and then convert the password to the MD5 string, and then find Userid and PWDMD5 in the UserS table, because Userid is the users table. Primary Key, if the transforming PWDMD5 does not match the records in the table, the SQL query will get a empty result set.

The brief introduction here is to use this bean to create a Beartool directory under the web-inf/classs of your JSP application, and then copy the md5.class to that in that directory. It's right. If you use some integrated development environments, please refer to the description of their deploy tools. A key statement of using a Java Bean in JSP is the second line in the program:

u003Cjsp: usebean id = omd5 scope = request class = beartool.md5/r n The JSP specification requires the standard TAG that JSP container developers must provide.

id = Actually indicating the instance variable name used when JSP Container created an instance of the bean. You can quote it in the u003C%and%> Java programs in the back. As can be seen in the program, the only public method provided by our MD5 Java Bean through pwdmd5 = omd5.

java server execute. JSP process is to pre -compile it to .java (those TAGs will become Java statements when compiling pre -compilation), and then compiled into .class. These are automatically completed and maintained by the system, and that .class is also called service. Of course, if you are willing, you can also help Java Server to do what it should do and write directly to the service, but use Servlet to output HTML, which is back to the era of dream of writing CGI programs with C.

If your output is a complex table, a more convenient method I think I still use a "template" with an HTML editor you are familiar with, and then "embedding" the JSP code. Although this JSP code is accused of "hollow powder" by some experts, it does have a disadvantage that the code is difficult to manage and reuse, but the program design will always need to be a trade -off. I personally think that for small and small projects, the ideal structure is to write the data (or not strictly referred to as the web interface), which is written in JSP and placed in the bean that is not related to the interface. Generally, it is not the case. You need to write the service directly.

If you think this method is not very OO (Object Oriented), you can inherit (Extends), and then write a Bean to pack the user's managed function.

Can you compatible?

It tested three Java application server environments, Resin 1.2.3, Sun J2EE 1.2, IBM WebSphere 3.5. Fortunately, there is no problem with this Java Bean because it is just a calculation. Program, does not involve operating systems, I/O devices. It is practical to simply achieve its compatibility. The only advantage of Java is that you only need to provide a form of running code. Please pay attention to the word "form". Now many computing structures and operating systems define a large number of code forms except the language itself. It is very simple to consider many problems when converting into different forms. At the same time, it is subject to many restrictions. Sometimes learning a new "form" may spend more energy than solving the problem itself. For example, Windows has EXE, Service, Ordinary DLL, COM DLL, and OCX, etc. Although it is simpler on Unix, it is necessary Platform compiler version length problem. I think this is a very important charm for Java to me.

md5 algorithm description

, supplementary position
. Data length
3. Initialization MD5 parameter
5. Main transformation process
6. Output results

:
md5 algorithm to make up for the input data, so that the data bit length Len sees 512 for 512. The result is 448. That is, the data expands to K*512 448 bits. That is K*64 56 bytes, K is an integer.
Preded operation: Add one 1, and then make up 0 to meet the above requirements.
The data replenishment:
The 64 -bit number represents the original length B of the data, and B is represented by two 32 digits. At this time, the number
is filled into a multiple of 512 bits.
The initialization of MD5 parameters:
four 32 -bit integer (A, B, C, D) is used to calculate information abstracts, which initialize the number of hexadic tables
na =
b =
c =
d =

The processing bit operation function:
x, y, z is 32 -bit integer.
f (x, y, z) = x

1 thought on “MD5 encryption algorithm ASP version”

Doreen
December 2, 2022 at 3:22 pm

MD5's Java Bean Implementation
MD5 Introduction

md5 is the full name of Message-Digest Algorithm 5. In the early 1990s, MIT computer science laboratories and RSA Data Security Inc were invented. MD4 develops.

message-digest refers to the hash transformation of the byte (Message), which is to transform a heets of an arbitrary length into a large large integer. Please note that I use the word "byte string" instead of the word "string", because this transformation is only related to the value of byte, which has nothing to do with the character set or encoding method.

MD5 transforms the "byte string" of any length into a large integer of 128bit, and it is an irreversible string transformation algorithm. In other words, even if you see the source program and algorithm description It is also impossible to replace the value of a MD5 back to the original string. From the principle of mathematics, it is because the original string has infinite multiple, which is a bit like a mathematical function that does not have anti -functions.

MD5 is a typical application to generate (fingerprint) to a paragraph (byte string) to prevent "tampering". For example, you write a paragraph in a readme.txt file, and generate a value of MD5 in the reaDMe.txt to the case. Then you can spread this file to others. If others modify the file in the file Any content, you will find it when you re -calculate the MD5 for this file. If there is another third -party certification agency, using MD5 can also prevent the author's "dependency", which is the so -called digital signature application.

MD5 is also widely used in encryption and decryption technology. In many operating systems, the user's password is stored in the MD5 value (or other algorithms). When the user login, the system is the system is the system. Calculate the password entered by the user to the MD5 value, and then compare it with the MD5 value saved in the system, and the system does not "know" what the user's password is.

The method of hackers to crack this password is a method called "running dictionary". There are two ways to get a dictionary, one is a string table used for daily collected passwords, and the other is generated by arranging combination methods. First use the MD5 program to calculate the MD5 value of these dictionary items, and then use the target to use the target of the target MD5 value is retrieved in this dictionary.

How to assume the maximum length of the password is 8, the password can only be letters and numbers, a total of 26 26 10 = 62 characters, and the number of dictionaries arranged in the arrangement is P (62 62 , 1) P (62,2)…. P (62,8), that is also a very astronomical number. Storage of this dictionary requires a TB -level disk group, and this method has a premise It is only possible to obtain the password MD5 value of the target account.

In many e -commerce and community applications, management users' accounts are the most commonly used basic functions. Although many Server provides these basic components, many application developers are greater. Flexibility still likes to use a relationship database to manage users. The lazy approach is that the user's password often uses plainte text or simple transformations to be stored directly in the database. There is no confidentiality at all. The purpose of this article is to introduce the implementation of the Java Bean of MD5, and at the same time give an example of using MD5 to process the user's account password. This method makes neither the administrator and program designer see the user's password, although, although the password They can initialize them. But the important point is the protection of user password settings.

Interested readers can get MD5 from here, which is the text of RFC 1321. //java/jw-tips/tip106/index.shtml

The benefits to putting testing and sample code in an internal static class are a good engineering technique and approach.

In Java Bean in JSP

As we described at the beginning of this article, our application of this MD5 Bean is based on a user management. Here we assume that one of them has a one The user LOGIN process of the virtual community, the user's information is stored in the table name of the database. This table has two fields related to this example, userid: char (20) and PWDMD5: char (32). Userid is the Primary Key of this table, PWDMD5 saves the MD5 string of password. The MD5 value is a large integer of 128bit. , To indicate that the hexades of ASCII requires 32 characters.

The two files here. Login is a Form used to receive the user input. Login.jsp is used to simulate the LOGIN process using MD5 Bean.

In order to make our test environment briefly, we used JDK's built-in JDBC-ODBC Bridge Driver in JSP. Community is the name of ODBC DSN. If you use other JDBC Driver, replace it
con =. ("JDBC: ODBC: Community", "", "");
.

login.jsp's working principle is very simple. You receive the userid and passwords entered by the user through the post, and then convert the password to the MD5 string, and then find Userid and PWDMD5 in the UserS table, because Userid is the users table. Primary Key, if the transforming PWDMD5 does not match the records in the table, the SQL query will get a empty result set.

The brief introduction here is to use this bean to create a Beartool directory under the web-inf/classs of your JSP application, and then copy the md5.class to that in that directory. It's right. If you use some integrated development environments, please refer to the description of their deploy tools. A key statement of using a Java Bean in JSP is the second line in the program:

u003Cjsp: usebean id = omd5 scope = request class = beartool.md5/r n The JSP specification requires the standard TAG that JSP container developers must provide.

id = Actually indicating the instance variable name used when JSP Container created an instance of the bean. You can quote it in the u003C%and%> Java programs in the back. As can be seen in the program, the only public method provided by our MD5 Java Bean through pwdmd5 = omd5.

java server execute. JSP process is to pre -compile it to .java (those TAGs will become Java statements when compiling pre -compilation), and then compiled into .class. These are automatically completed and maintained by the system, and that .class is also called service. Of course, if you are willing, you can also help Java Server to do what it should do and write directly to the service, but use Servlet to output HTML, which is back to the era of dream of writing CGI programs with C.

If your output is a complex table, a more convenient method I think I still use a "template" with an HTML editor you are familiar with, and then "embedding" the JSP code. Although this JSP code is accused of "hollow powder" by some experts, it does have a disadvantage that the code is difficult to manage and reuse, but the program design will always need to be a trade -off. I personally think that for small and small projects, the ideal structure is to write the data (or not strictly referred to as the web interface), which is written in JSP and placed in the bean that is not related to the interface. Generally, it is not the case. You need to write the service directly.

If you think this method is not very OO (Object Oriented), you can inherit (Extends), and then write a Bean to pack the user's managed function.

Can you compatible?

It tested three Java application server environments, Resin 1.2.3, Sun J2EE 1.2, IBM WebSphere 3.5. Fortunately, there is no problem with this Java Bean because it is just a calculation. Program, does not involve operating systems, I/O devices. It is practical to simply achieve its compatibility. The only advantage of Java is that you only need to provide a form of running code. Please pay attention to the word "form". Now many computing structures and operating systems define a large number of code forms except the language itself. It is very simple to consider many problems when converting into different forms. At the same time, it is subject to many restrictions. Sometimes learning a new "form" may spend more energy than solving the problem itself. For example, Windows has EXE, Service, Ordinary DLL, COM DLL, and OCX, etc. Although it is simpler on Unix, it is necessary Platform compiler version length problem. I think this is a very important charm for Java to me.

md5 algorithm description

, supplementary position
. Data length
3. Initialization MD5 parameter
5. Main transformation process
6. Output results

:
md5 algorithm to make up for the input data, so that the data bit length Len sees 512 for 512. The result is 448. That is, the data expands to K*512 448 bits. That is K*64 56 bytes, K is an integer.
Preded operation: Add one 1, and then make up 0 to meet the above requirements.
The data replenishment:
The 64 -bit number represents the original length B of the data, and B is represented by two 32 digits. At this time, the number
is filled into a multiple of 512 bits.
The initialization of MD5 parameters:
four 32 -bit integer (A, B, C, D) is used to calculate information abstracts, which initialize the number of hexadic tables
na =
b =
c =
d =

The processing bit operation function:
x, y, z is 32 -bit integer.
f (x, y, z) = x

Log in to Reply

1 thought on “MD5 encryption algorithm ASP version”

Leave a Comment Cancel Reply