新建工程代码如下:
加密分类文件如下:(以后可以直接拖取)
NSString+Hash.h
//
// NSString+Hash.h
// 01-数据安全
//
// Created by 刘天源 on 14/11/12.
// Copyright (c) 2014年 itcast. All rights reserved.
//
#import <Foundation/Foundation.h>
@interface NSString (Hash)
#pragma mark - 散列函数
/**
* 计算MD5散列结果
*
* 终端测试命令:
* @code
* md5 -s "string"
* @endcode
*
* <p>提示:随着 MD5 碰撞生成器的出现,MD5 算法不应被用于任何软件完整性检查或代码签名的用途。<p>
*
* @return 32个字符的MD5散列字符串
*/
- (NSString *)md5String;
/**
* 计算SHA1散列结果
*
* 终端测试命令:
* @code
* echo -n "string" | openssl sha -sha1
* @endcode
*
* @return 40个字符的SHA1散列字符串
*/
- (NSString *)sha1String;
/**
* 计算SHA256散列结果
*
* 终端测试命令:
* @code
* echo -n "string" | openssl sha -sha256
* @endcode
*
* @return 64个字符的SHA256散列字符串
*/
- (NSString *)sha256String;
/**
* 计算SHA 512散列结果
*
* 终端测试命令:
* @code
* echo -n "string" | openssl sha -sha512
* @endcode
*
* @return 128个字符的SHA 512散列字符串
*/
- (NSString *)sha512String;
#pragma mark - HMAC 散列函数
/**
* 计算HMAC MD5散列结果
*
* 终端测试命令:
* @code
* echo -n "string" | openssl dgst -md5 -hmac "key"
* @endcode
*
* @return 32个字符的HMAC MD5散列字符串
*/
- (NSString *)hmacMD5StringWithKey:(NSString *)key;
/**
* 计算HMAC SHA1散列结果
*
* 终端测试命令:
* @code
* echo -n "string" | openssl sha -sha1 -hmac "key"
* @endcode
*
* @return 40个字符的HMAC SHA1散列字符串
*/
- (NSString *)hmacSHA1StringWithKey:(NSString *)key;
/**
* 计算HMAC SHA256散列结果
*
* 终端测试命令:
* @code
* echo -n "string" | openssl sha -sha256 -hmac "key"
* @endcode
*
* @return 64个字符的HMAC SHA256散列字符串
*/
- (NSString *)hmacSHA256StringWithKey:(NSString *)key;
/**
* 计算HMAC SHA512散列结果
*
* 终端测试命令:
* @code
* echo -n "string" | openssl sha -sha512 -hmac "key"
* @endcode
*
* @return 128个字符的HMAC SHA512散列字符串
*/
- (NSString *)hmacSHA512StringWithKey:(NSString *)key;
#pragma mark - 文件散列函数
/**
* 计算文件的MD5散列结果
*
* 终端测试命令:
* @code
* md5 file.dat
* @endcode
*
* @return 32个字符的MD5散列字符串
*/
- (NSString *)fileMD5Hash;
/**
* 计算文件的SHA1散列结果
*
* 终端测试命令:
* @code
* openssl sha -sha1 file.dat
* @endcode
*
* @return 40个字符的SHA1散列字符串
*/
- (NSString *)fileSHA1Hash;
/**
* 计算文件的SHA256散列结果
*
* 终端测试命令:
* @code
* openssl sha -sha256 file.dat
* @endcode
*
* @return 64个字符的SHA256散列字符串
*/
- (NSString *)fileSHA256Hash;
/**
* 计算文件的SHA512散列结果
*
* 终端测试命令:
* @code
* openssl sha -sha512 file.dat
* @endcode
*
* @return 128个字符的SHA512散列字符串
*/
- (NSString *)fileSHA512Hash;
@end
NSString+Hash.m
//
// NSString+Hash.m
// 01-数据安全
//
// Created by 刘天源 on 14/11/12.
// Copyright (c) 2014年 itcast. All rights reserved.
//
#import "NSString+Hash.h"
#import <CommonCrypto/CommonCrypto.h>
@implementation NSString (Hash)
#pragma mark - 散列函数
- (NSString *)md5String {
const char *str = self.UTF8String;
unsigned char buffer[CC_MD5_DIGEST_LENGTH];
CC_MD5(str, (CC_LONG)strlen(str), buffer);
return [self stringFromBytes:buffer length:CC_MD5_DIGEST_LENGTH];
}
- (NSString *)sha1String {
const char *str = self.UTF8String;
unsigned char buffer[CC_SHA1_DIGEST_LENGTH];
CC_SHA1(str, (CC_LONG)strlen(str), buffer);
return [self stringFromBytes:buffer length:CC_SHA1_DIGEST_LENGTH];
}
- (NSString *)sha256String {
const char *str = self.UTF8String;
unsigned char buffer[CC_SHA256_DIGEST_LENGTH];
CC_SHA256(str, (CC_LONG)strlen(str), buffer);
return [self stringFromBytes:buffer length:CC_SHA256_DIGEST_LENGTH];
}
- (NSString *)sha512String {
const char *str = self.UTF8String;
unsigned char buffer[CC_SHA512_DIGEST_LENGTH];
CC_SHA512(str, (CC_LONG)strlen(str), buffer);
return [self stringFromBytes:buffer length:CC_SHA512_DIGEST_LENGTH];
}
#pragma mark - HMAC 散列函数
- (NSString *)hmacMD5StringWithKey:(NSString *)key {
const char *keyData = key.UTF8String;
const char *strData = self.UTF8String;
unsigned char buffer[CC_MD5_DIGEST_LENGTH];
CCHmac(kCCHmacAlgMD5, keyData, strlen(keyData), strData, strlen(strData), buffer);
return [self stringFromBytes:buffer length:CC_MD5_DIGEST_LENGTH];
}
- (NSString *)hmacSHA1StringWithKey:(NSString *)key {
const char *keyData = key.UTF8String;
const char *strData = self.UTF8String;
unsigned char buffer[CC_SHA1_DIGEST_LENGTH];
CCHmac(kCCHmacAlgSHA1, keyData, strlen(keyData), strData, strlen(strData), buffer);
return [self stringFromBytes:buffer length:CC_SHA1_DIGEST_LENGTH];
}
- (NSString *)hmacSHA256StringWithKey:(NSString *)key {
const char *keyData = key.UTF8String;
const char *strData = self.UTF8String;
unsigned char buffer[CC_SHA256_DIGEST_LENGTH];
CCHmac(kCCHmacAlgSHA256, keyData, strlen(keyData), strData, strlen(strData), buffer);
return [self stringFromBytes:buffer length:CC_SHA256_DIGEST_LENGTH];
}
- (NSString *)hmacSHA512StringWithKey:(NSString *)key {
const char *keyData = key.UTF8String;
const char *strData = self.UTF8String;
unsigned char buffer[CC_SHA512_DIGEST_LENGTH];
CCHmac(kCCHmacAlgSHA512, keyData, strlen(keyData), strData, strlen(strData), buffer);
return [self stringFromBytes:buffer length:CC_SHA512_DIGEST_LENGTH];
}
#pragma mark - 文件散列函数
#define FileHashDefaultChunkSizeForReadingData 4096
- (NSString *)fileMD5Hash {
NSFileHandle *fp = [NSFileHandle fileHandleForReadingAtPath:self];
if (fp == nil) {
return nil;
}
CC_MD5_CTX hashCtx;
CC_MD5_Init(&hashCtx);
while (YES) {
@autoreleasepool {
NSData *data = [fp readDataOfLength:FileHashDefaultChunkSizeForReadingData];
CC_MD5_Update(&hashCtx, data.bytes, (CC_LONG)data.length);
if (data.length == 0) {
break;
}
}
}
[fp closeFile];
unsigned char buffer[CC_MD5_DIGEST_LENGTH];
CC_MD5_Final(buffer, &hashCtx);
return [self stringFromBytes:buffer length:CC_MD5_DIGEST_LENGTH];
}
- (NSString *)fileSHA1Hash {
NSFileHandle *fp = [NSFileHandle fileHandleForReadingAtPath:self];
if (fp == nil) {
return nil;
}
CC_SHA1_CTX hashCtx;
CC_SHA1_Init(&hashCtx);
while (YES) {
@autoreleasepool {
NSData *data = [fp readDataOfLength:FileHashDefaultChunkSizeForReadingData];
CC_SHA1_Update(&hashCtx, data.bytes, (CC_LONG)data.length);
if (data.length == 0) {
break;
}
}
}
[fp closeFile];
unsigned char buffer[CC_SHA1_DIGEST_LENGTH];
CC_SHA1_Final(buffer, &hashCtx);
return [self stringFromBytes:buffer length:CC_SHA1_DIGEST_LENGTH];
}
- (NSString *)fileSHA256Hash {
NSFileHandle *fp = [NSFileHandle fileHandleForReadingAtPath:self];
if (fp == nil) {
return nil;
}
CC_SHA256_CTX hashCtx;
CC_SHA256_Init(&hashCtx);
while (YES) {
@autoreleasepool {
NSData *data = [fp readDataOfLength:FileHashDefaultChunkSizeForReadingData];
CC_SHA256_Update(&hashCtx, data.bytes, (CC_LONG)data.length);
if (data.length == 0) {
break;
}
}
}
[fp closeFile];
unsigned char buffer[CC_SHA256_DIGEST_LENGTH];
CC_SHA256_Final(buffer, &hashCtx);
return [self stringFromBytes:buffer length:CC_SHA256_DIGEST_LENGTH];
}
- (NSString *)fileSHA512Hash {
NSFileHandle *fp = [NSFileHandle fileHandleForReadingAtPath:self];
if (fp == nil) {
return nil;
}
CC_SHA512_CTX hashCtx;
CC_SHA512_Init(&hashCtx);
while (YES) {
@autoreleasepool {
NSData *data = [fp readDataOfLength:FileHashDefaultChunkSizeForReadingData];
CC_SHA512_Update(&hashCtx, data.bytes, (CC_LONG)data.length);
if (data.length == 0) {
break;
}
}
}
[fp closeFile];
unsigned char buffer[CC_SHA512_DIGEST_LENGTH];
CC_SHA512_Final(buffer, &hashCtx);
return [self stringFromBytes:buffer length:CC_SHA512_DIGEST_LENGTH];
}
#pragma mark - 助手方法
/**
* 返回二进制 Bytes 流的字符串表示形式
*
* @param bytes 二进制 Bytes 数组
* @param length 数组长度
*
* @return 字符串表示形式
*/
- (NSString *)stringFromBytes:(unsigned char *)bytes length:(int)length {
NSMutableString *strM = [NSMutableString string];
for (int i = 0; i < length; i++) {
[strM appendFormat:@"%02x", bytes[i]];
}
return [strM copy];
}
@end
以上代码等于说是框架,我们只需要知道怎么使用即可。
在控制器中使用如下:
//
// ViewController.m
// POST登录
//
// Created by apple on 15/10/28.
// Copyright (c) 2015年 LiuXun. All rights reserved.
//
/**
安全隐患:
尽管在发送数据的过程中,密码进行了二进制转换。但实际上,密码还是明文。
解决方法:
*/
#define KLoginUserNameKey @"KLoginUserNameKey"
#define KLoginUserPwdKey @"KLoginUserPwdKey"
#import "ViewController.h"
#import "NSString+Hash.h"
@interface ViewController ()
@property (weak, nonatomic) IBOutlet UITextField *nameText;
@property (weak, nonatomic) IBOutlet UITextField *pwdText;
@end
@implementation ViewController
/**
MD5加密后的密文都是32位字符:无论原先没有加密前的字符串有多长 加密后都是32位字符 另外我们认为MD5是不可逆的,但事实上网站 md5.com 记录了全球的状态码
可以直接将密文进行解析:所以要对MD5进行加盐来解决
方式1、直接进行MD5加密
方式2、加盐后进行MD5加密
方式3、HMAC+MD5
*/
-(void)viewDidLoad
{
// 取出用户偏好设置保存的用户信息
self.nameText.text = [[NSUserDefaults standardUserDefaults] stringForKey:KLoginUserNameKey];
self.pwdText.text = [[NSUserDefaults standardUserDefaults] stringForKey:KLoginUserPwdKey];
NSLog(@"%@", NSHomeDirectory());
}
// 加盐的方式
static NSString *salt = @"DIUTY$%^$&^&^&&*((%$$)%~!@~~MUE(*&YWYHS{}&*&))()()";
- (IBAction)Click
{
// 对密码进行md5 加密
// 加盐———在国内用的最多
// 注意:盐要足够长,足够复杂,足够保密
NSString *username = self.nameText.text;
//1. 直接加密
// NSString *pass = [self.pwdText.text md5String];
// 2. 加盐的方式
// NSString *pass = [[self.pwdText.text stringByAppendingString:salt] md5String];
// NSLog(@"%@", pass);
// 3. HMAC+MD5 更靠谱 HMAC本身也是一种加密算法
NSString *pass = [self.pwdText.text hmacMD5StringWithKey:@"hello"];
NSLog(@"%@", pass);
// 1. url
NSURL *url = [NSURL URLWithString:@"http://127.0.0.1/login.php"];
// 2. POST必须是可变的请求
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url cachePolicy:1 timeoutInterval:2.0f];
request.HTTPMethod = @"POST";
// POST 请求不需要进行百分号转义
NSString *bodyStr = [NSString stringWithFormat:@"username=%@&password=%@",username, pass];
request.HTTPBody = [bodyStr dataUsingEncoding:NSUTF8StringEncoding];
// 3. 连接
[NSURLConnection sendAsynchronousRequest:request queue:[NSOperationQueue mainQueue] completionHandler:^(NSURLResponse *response, NSData *data, NSError *connectionError) {
// 反序列化
NSDictionary *result = [NSJSONSerialization JSONObjectWithData:data options:0 error:NULL];
NSLog(@"%@", result);
if ([result [@"userId"] intValue] >0) {
// 登录成功,记录用户的信息到偏好设置
[[NSUserDefaults standardUserDefaults] setObject:username forKey:KLoginUserNameKey];
[[NSUserDefaults standardUserDefaults] setObject:pass forKey:KLoginUserPwdKey];
// 为了即时保存,需要同步
[[NSUserDefaults standardUserDefaults] synchronize];
}
}];
}
@end
直接用MD5加密后的密文放在网站cmd5.com上直接破解如下所示:
加盐后 网站解密结果如下:
使用HMAC+MD5加密后,使用此网站解密如下: