As we know, many websites on the Internet now require users to register first, providing information such as an email address, account name and password. After becoming a registered user, one can enjoy the special sections, information or services the website provides, such as free email, forums and chat, all of which require registration. On large e-commerce websites such as IGO5, users who want to purchase goods must provide detailed and accurate information, and this is often very private information, such as phone numbers, email addresses and postal addresses. This registration information is very important to both users and websites and must not be disclosed; otherwise it creates further security risks.
Suppose we also design a website that requires user registration. Following the common implementation approach, we can create a table in the database to store user information. It has at least a user account field, UserAccount, and a user password field, Password. Of course, in a practical application a user information table will not hold only these fields; other information is usually added so that the website can provide more complete services according to its requirements. In general, each user occupies one row of this table, that is, one data record. When the user logs in or submits information, the program compares what the user entered with the information in the table. If the account and password match, the user is a legitimate, registered user; otherwise the user is not legitimate and is not allowed in.
But is this safe? Does it really meet the website's registration requirements? Think about it carefully: we generally save user information directly in the database with no confidentiality measures. For file-based databases such as Access, if someone obtains the file, isn't all of the information in it exposed? More importantly, an irresponsible network administrator needs no technical means at all to view any information on the website. If user information is not encrypted in the database, viewing it is all too easy for the administrator. So, to increase security, we need to encrypt the data in the database, so that even if someone obtains the entire database, the user information in it cannot be read without the decryption algorithm.
However, before considering whether the database is secure, we need to consider whether our data is really important. If the data is just simple information with nothing confidential about it, there is obviously no need to encrypt it, which would only waste system resources and add to the load. If the data has some degree of privacy, then of course it is necessary to encrypt it. So, before encrypting, we should choose appropriately which data needs encryption, to avoid wasting system resources.
A brief introduction to the MD5 encryption algorithm
At present, it is generally held that there are two kinds of encryption: one-way encryption and two-way encryption. Two-way encryption is the most commonly used kind. It turns plaintext data that we can read directly into ciphertext that we cannot, and then, when needed, a corresponding algorithm decrypts the ciphertext back into its readable original form. Two-way encryption is suited to confidential communication. For example, when we shop online, we need to submit a credit card password to the website. Of course, we do not want our data to travel across the network as is, because it is likely to be "eavesdropped on" by other users. We want the credit card password to be encrypted before it is sent over the network, so that after the website receives our data it can obtain the accurate credit card account by running the decryption algorithm.
One-way encryption is just the opposite: the data can only be encrypted, and there is no way to decrypt it afterwards. We may immediately wonder what use such encryption is. What good is an encryption algorithm that cannot be decrypted? One practical application is encrypting user information in the database. When a user creates a new account or password, the information is not saved to the database directly but is stored after encryption, so that even if this information is leaked, its true meaning cannot be understood immediately.
MD5 is an algorithm that uses one-way encryption. Two of its characteristics are important. The first is that any two different pieces of plaintext cannot have the same ciphertext after encryption; the second is that any given piece of plaintext always gives the same result after encryption. The former means that no two different plaintexts yield the same ciphertext; the latter means that if we encrypt specific data, the ciphertext obtained is always the same.
The MD5CryptoServiceProvider class is a class in the .NET System.Security.Cryptography namespace that provides a solution specifically for MD5 one-way data encryption; it is also the class this article uses to encrypt data in the database. Before actually encrypting data, let us first look at the main method of the MD5CryptoServiceProvider class: ComputeHash, which takes the plaintext as an input byte array, applies MD5 to it, and outputs the ciphertext as a byte array. Now, let's look at a specific example:
Imports System.Security.Cryptography
Imports System.Text
'The plain text string to encrypt
Dim strPlainText As String = "Encrypt ME!"
'Byte array that receives the encrypted result
Dim hashedDataBytes As Byte()
Dim encoder As New UTF8Encoding()
'Create an MD5CryptoServiceProvider instance
Dim md5Hasher As New MD5CryptoServiceProvider()
'Encryption operation: convert the string to bytes, then hash them
hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(strPlainText))
From the example above, we can see that the ComputeHash method accepts only a byte array as the object to encrypt, and its output is also a byte array. Therefore, before a string is encrypted, we must first convert it into a byte array, using the GetBytes method of the UTF8Encoding class; the result of the encryption is likewise returned as a byte array.
We now have a rough understanding of how MD5 encryption works. Next, we combine it with a database to see MD5 in actual use. As mentioned earlier, a site often saves the user's account, password and other information in the database, for example with the account stored in a field of type VARCHAR and the password likewise stored in a field of type VARCHAR. However, if we intend to store the password with MD5 encryption, we must change the type of the password field Password to a 16-byte binary type. This is not hard to understand: as we saw earlier, the output of the encryption is a binary array, so the field must change to match.
When a user registers successfully and an account is formally established, a record must be added for this user. The following code implements the account creation function. On the page, the program asks the user to enter an account, password and other information, and then stores it as account information in a table named UserAccount; in this table, the user password is saved using MD5 encryption. Here is the code for that page:
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<script runat="server" language="VB">
Sub CreateAccount(sender As Object, e As EventArgs)
    '1. Establish a database connection
    Const strConnString As String = "connection string"
    Dim objConn As New SqlConnection(strConnString)
    '2. Create a Command object (parameterized INSERT)
    Dim strSQL As String = _
        "INSERT INTO UserAccount (UserName, Password) " & _
        "VALUES (@UserName, @Password)"
    Dim objCmd As New SqlCommand(strSQL, objConn)
    '3. SQL parameters
    Dim paramUserName As SqlParameter
    paramUserName = New SqlParameter("@UserName", SqlDbType.VarChar, 25)
    paramUserName.Value = txtUserName.Text
    objCmd.Parameters.Add(paramUserName)
    'Encrypt the user password
    Dim md5Hasher As New MD5CryptoServiceProvider()
    Dim hashedBytes As Byte()
    Dim encoder As New UTF8Encoding()
    hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text))
    'The 16-byte result goes into the binary Password field
    Dim paramPwd As SqlParameter
    paramPwd = New SqlParameter("@Password", SqlDbType.Binary, 16)
    paramPwd.Value = hashedBytes
    objCmd.Parameters.Add(paramPwd)
    'Add the record to the database
    objConn.Open()
    objCmd.ExecuteNonQuery()
    objConn.Close()
End Sub
</script>
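The login-side check that the introduction describes (hash the submitted password, then compare it with the stored 16 bytes), as an added example that is not part of the original article. It also shows that unsalted MD5 stores identical bytes for identical passwords, next to a per-user salted PBKDF2 variant; the module name, helper names, iteration count and sample passwords are assumptions made here.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module PasswordCheckDemo
    ' Hash the way the article's CreateAccount does: unsalted MD5 of the UTF-8 bytes (16 bytes).
    Function Md5Hash(password As String) As Byte()
        Using hasher As MD5 = MD5.Create()
            Return hasher.ComputeHash(Encoding.UTF8.GetBytes(password))
        End Using
    End Function

    ' Salted alternative (an assumption of this example, not in the article): PBKDF2-SHA256.
    ' This constructor overload needs .NET Framework 4.7.2 or later, or .NET Core 2.0 or later.
    Function Pbkdf2Hash(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function

    Function NewSalt() As Byte()
        Dim salt(15) As Byte ' 16 random bytes, generated once per user
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Return salt
    End Function

    ' Compare every byte so the time taken does not reveal where the arrays first differ.
    Function SameBytes(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    Sub Main()
        ' Constructed sample data standing in for the Password column of two UserAccount rows.
        Dim storedA As Byte() = Md5Hash("Encrypt ME!")
        Dim storedB As Byte() = Md5Hash("Encrypt ME!")
        Console.WriteLine("Correct password accepted: {0}", SameBytes(Md5Hash("Encrypt ME!"), storedA))
        Console.WriteLine("Wrong password accepted: {0}", SameBytes(Md5Hash("encrypt me!"), storedA))
        Console.WriteLine("Two users, same password, same MD5 bytes: {0}", SameBytes(storedA, storedB))
        Dim saltedA As Byte() = Pbkdf2Hash("Encrypt ME!", NewSalt())
        Dim saltedB As Byte() = Pbkdf2Hash("Encrypt ME!", NewSalt())
        Console.WriteLine("Same password, salted bytes equal: {0}", SameBytes(saltedA, saltedB))
    End Sub
End Module
```

With the salted variant, the salt has to be stored in the user's row next to the derived bytes so that the login check can recompute them.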