版权声明:转载请标明出处 https://blog.csdn.net/qq_35495339/article/details/91416170
加盐1
/** * 生成32位md5码 * @param password * @return */ public static String md5Password(String password) { try { // 得到一个信息摘要器 MessageDigest digest = MessageDigest.getInstance("md5"); byte[] result = digest.digest(password.getBytes()); StringBuffer buffer = new StringBuffer(); // 把每一个byte 做一个与运算 0xff; for (byte b : result) { // 与运算 int number = b & 0xff;// 加盐 String str = Integer.toHexString(number); if (str.length() == 1) { buffer.append("0"); } buffer.append(str); } // 标准的md5加密后的结果 return buffer.toString(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); return ""; } } 加盐2
每次保存密码到数据库时,都生成一个随机16位数字,将这16位数字和密码相加再求MD5摘要,然后在摘要中再将这16位数字按规则掺入形成一个48位的字符串。
在验证密码时再从48位字符串中按规则提取16位数字,和用户输入的密码相加再MD5。按照这种方法形成的结果肯定是不可直接反查的,且同一个密码每次保存时形成的摘要也都是不同的。
public class TextUtil { /** * 计算一个字符串的MD5信息 * * @param str 字符串 * @return MD5值 */ public static String getMD5(String str) { try { // 生成一个MD5加密计算摘要 MessageDigest md = MessageDigest.getInstance("MD5"); // 计算md5函数 md.update(str.getBytes()); // digest()最后确定返回md5 hash值,返回值为8为字符串。因为md5 hash值是16位的hex值,实际上就是8位的字符 // BigInteger函数则将8位的字符串转换成16位hex值,用字符串来表示;得到字符串形式的hash值 return new BigInteger(1, md.digest()).toString(16); } catch (Exception e) { e.printStackTrace(); return str; } } /** * 获取48位加密密码 * */ public static String generate(String password) { Random r = new Random(); StringBuilder sb = new StringBuilder(16); sb.append(r.nextInt(99999999)).append(r.nextInt(99999999)); int len = sb.length(); if (len < 16) { for (int i = 0; i < 16 - len; i++) { sb.append("3"); } } String salt = sb.toString(); password = getMD5(password + salt); char[] cs = new char[48]; for (int i = 0; i < 48; i += 3) { cs[i] = password.charAt(i / 3 * 2); char c = salt.charAt(i / 3); cs[i + 1] = c; cs[i + 2] = password.charAt(i / 3 * 2 + 1); } return new String(cs); } /** * 校验密码是否正确 */ public static boolean verify(String password, String md5) { char[] cs1 = new char[32]; char[] cs2 = new char[16]; for (int i = 0; i < 48; i += 3) { cs1[i / 3 * 2] = md5.charAt(i); cs1[i / 3 * 2 + 1] = md5.charAt(i + 2); cs2[i / 3] = md5.charAt(i + 1); } String salt = new String(cs2); return getMD5(password + salt).equals(new String(cs1)); } } 加盐三
public class MD5Util { public static String SALT="23543dfggeelysdafaqj23ou89ZXcj@#$@#$#@KJdjklj;D../dSF.,"; //这里主要是遍历8个byte,转化为16位进制的字符,即0-F private static String byteArrayToHexString(byte b[]) { StringBuffer resultSb = new StringBuffer(); for (int i = 0; i < b.length; i++) resultSb.append(byteToHexString(b[i])); return resultSb.toString(); } private static String byteToHexString(byte b) { int n = b; if (n < 0) n += 256; int d1 = n / 16; int d2 = n % 16; return hexDigits[d1] + hexDigits[d2]; } /** * 返回大写MD5 * * @param origin * @param charsetname * @return */ private static String MD5Encode(String origin, String charsetname) { String resultString = null; try { resultString = origin; MessageDigest md = MessageDigest.getInstance("MD5"); if (charsetname == null || "".equals(charsetname)) resultString = byteArrayToHexString(md.digest(resultString.getBytes())); else resultString = byteArrayToHexString(md.digest(resultString.getBytes(charsetname))); } catch (Exception exception) { } return resultString.toUpperCase(); } public static String MD5EncodeUtf8(String origin) { origin = origin + SALT; return MD5Encode(origin, "utf-8"); } private static final String hexDigits[] = {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"}; } 文章来源: https://blog.csdn.net/qq_35495339/article/details/91416170