The plaintext is encrypted by using hash algorithms such as MD5 or SHA 1. Strictly speaking, MD5 is not an encryption algorithm, but a digest algorithm. No matter how long the input is, MD5 will output a hash value of 128 bits (16 bytes). SHA 1 is also a popular message digest algorithm, which can generate a hash value of 160 bits (20 bytes), which is called message digest. Compared with SHA 1, MD5 is less secure but faster. SHA 1 is safer than MD5, but slower.
Second, symmetric encryption.
Using the encryption method of single-key cryptosystem, information can be encrypted and decrypted simultaneously with the same key. This encryption method is called symmetric encryption. Commonly used symmetric encryption algorithms include DES, 3DES, TDEA, Puffer, RC2, RC4, RC5, IDEA, SKIPJACK, etc.
Third, asymmetric encryption.
Asymmetric encryption algorithm is a key method, which requires two keys for encryption and decryption. These two keys are a public key and a private key. The public key and the private key are a pair. If the data is encrypted with the public key, it can only be decrypted with the corresponding private key. Asymmetric encryption algorithms include RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (Elliptic Curve Encryption Algorithm).
Fourth, digital signature.
Digital signature (also known as public key digital signature) is a digital string that can only be generated by the sender of information, and others cannot forge it. This number string is also an effective proof of the authenticity of the information sent by the information sender. It is a method to authenticate digital information, which is similar to the ordinary physical signature written on paper, but it is realized by using the technology in the field of public key encryption.
Five, direct plaintext preservation
In the early days, many such practices, for example, the password set by the user is "123", and "123" is directly saved in the database, which is the simplest way to save and the most insecure way. But in fact, many internet companies may take this approach.
6. Use MD5, SHA 1 and other one-way hash algorithms to protect passwords.
After using these algorithms, the original password cannot be recovered by calculation, and the implementation is relatively simple. Therefore, many Internet companies use this method to save users' passwords, which used to be a relatively safe way. However, with the rise of rainbow table technology, rainbow table can be established to look up and crack tables, which is very unsafe at present
Seven, special one-way hash algorithm
Because the one-way hash algorithm is not secure in password protection, some companies have extended the one-way hash algorithm by adding salt and multiple hashes, which can increase the difficulty of cracking to some extent. For the hash algorithm of fixed salt, it is necessary to protect salt from being leaked, and it will encounter the same problem as "protecting symmetric key". Once the salt leaks, you can rebuild the rainbow table according to the salt to crack it.
Eight, PBKDF2
The principle of this algorithm is roughly equivalent to adding random salt to the hash algorithm to perform multiple hash operations. Random salt greatly increases the difficulty of constructing rainbow tables, and multiple hashes also greatly increase the difficulty of constructing and cracking tables.
Nine. BCrypt
BCrypt was born in 1999, and it is superior to PBKDF2 in confronting GPU/ASIC, but I still don't recommend you to use it in the new system, because it is not outstanding in offline cracking thread modeling. ?
X.SCrypt
SCrypt is a better choice now: it is better designed than BCrypt (especially in memory) and has been working in this field for 10 years. On the other hand, it is also used in many cryptocurrencies, and we have some hardware (including FPGA and ASIC) to implement it. Although they are specially used for mining, they can be reused for cracking.