-
用户端:PASS=MD5(明文+固定salt)
-
服务端:PASS=MD5(用户输入+随机salt)
用户端MD5:防止用户的明文密码在网络上进行传输。
服务端MD5:当数据库被盗,防止反查。
package cn.chen.miaosha.util;
import org.apache.commons.codec.digest.DigestUtils;
public class MD5Util {
public static String md5(String src){
return DigestUtils.md5Hex(src);
}
//固定salt
private static final String salt = "1a2b3c4d";
public static String inputPassToFrom(String inputPass){
String str = "" + salt.charAt(0) + salt.charAt(2) + inputPass + salt.charAt(5) +salt.charAt(4);
return md5(str);
}
public static String fromPassToDBPass(String fromPass, String salt){
String str = "" + salt.charAt(0) + salt.charAt(2) + fromPass + salt.charAt(5) +salt.charAt(4);
return md5(str);
}
public static String inputPassToDBPass(String input,String saltDB){
String fromPass = inputPassToFrom(input);
String dbPass = fromPassToDBPass(fromPass,saltDB);
return dbPass;
}
public static void main(String[] args) {
// System.out.println(inputPassToFrom("123456"));
// System.out.println(fromPassToDBPass(inputPassToFrom("123456"),"1a2b3c4b"));
System.out.println(inputPassToDBPass("123456","1a2b3c4d"));
}
}