Traditional Culture Encyclopedia - Traditional festivals - These shortcomings of MD5 may cause information security problems
These shortcomings of MD5 may cause information security problems
1. The calculation speed is fast, the encryption speed is fast, and no key is required; 2. The integrity of the file can be checked, and once the file is changed, the MD5 value will change; 3. It prevents tampering. Once the file is tampered with during transmission, the calculated MD5
The value will also change; 4. It can be used for digital signatures to prevent repudiation. Once the user's file is encrypted by a third-party MD5, if Party A later says that the file was not written by him, then when the signature obtained after using the file MD5 is consistent, it can
Confirm; 5. To prevent seeing plain text, the company stores passwords in MD5 values.
1. As a hashing algorithm, it has been proven that there will still be two different data that will collide; 2. The security of MD5.
It is unsafe to store the user's password directly in the database after MD5.
(1) Because users are accustomed to using passwords that are easy to remember, such as mobile phone numbers and birthdays, criminals can easily obtain such passwords, which is why salt is needed.
(2) Directly store MD5 into the database. If the database is stolen, the password will be found through MD5 reverse search, which requires the cooperation of a random salt value.
3. The passwords used by many people are common combinations. The attacker performs one-way hashing on these common combinations of passwords to obtain a summary combination, and then compares it with the summary in the database to obtain the corresponding password.
From a technical point of view, MD5 is really safe because MD5 is irreversible and cannot be decrypted except through credential stuffing.
To put it simply, credential stuffing is to build a large database, encrypt various commonly used sentences and passwords into ciphertext, and store them in the database; then use the ciphertext to query the database website, and it is possible to find the password.
There are many MD5 decryption websites on the Internet, such as: /. If users often use simple passwords, it is very unsafe.
For example, the MD5 ciphertext of 654321 is c33367701511b4f6020ec61ded352059. After logging in to the MD5 decryption website, enter the ciphertext c33367701511b4f6020ec61ded352059 in the input box and enter the correct verification code to get the decryption result: 654321.
It can be seen that if you often use simple passwords, the probability of being decrypted is very high, which is one of the reasons why MD5 is not very safe.
Therefore, the user's password is directly stored in the database after MD5. If the database is stolen by criminals, it will cause information security problems.
- Related articles
- What are the majors of studying medicine?
- Why is the price of fuel vehicles in China greatly reduced? What is the reason?
- How to decorate your home during the Spring Festival
- What are the customs of shocking solar terms? What are the customs of shocking solar terms?
- To Shaolin Temple Wushu school to learn Shaolin traditional martial arts age?
- Jinan tourist attractions ranking top ten
- How to make the sand delicious is a common practice of mung bean paste.
- What is the center of mass?
- What about achilles tendon rupture?
- What does it mean to seek parallelism in composition?