Is the password (user registration) transmitted to the server in plaintext or encrypted?

Time:10-16

If it is encrypted (MD5), how does the server side judge whether the current password is plaintext or has already been encrypted?

CodePudding user response:

Transmitting the password in plaintext when registering is the traditional approach.

CodePudding user response:

Things like MD5 can only prevent others from tampering with the data; they cannot achieve the "client encrypts, server decrypts" model you have in mind.
In fact you just need to use SSL. On an SSL link the client encrypts data and the server decrypts it, or the server encrypts and the client decrypts. The encryption and decryption process is transparent to you, so you don't need to worry about it.

CodePudding user response:

Quoting the original poster, singing sound Amadues:
If it is encrypted (MD5), how does the server side judge whether the current password is plaintext or has already been encrypted?


I don't understand. Why not have the server check the database directly to see whether it is plaintext or ciphertext?

CodePudding user response:

Quoting the reply by SpringBoot Chinese community on the second floor:
Things like MD5 can only prevent others from tampering with the data; they cannot achieve the "client encrypts, server decrypts" model you have in mind.
In fact you just need to use SSL. On an SSL link the client encrypts data and the server decrypts it, or the server encrypts and the client decrypts. The encryption and decryption process is transparent to you, so you don't need to worry about it.

MD5 is irreversible encryption, especially suitable for cases such as passwords that don't require decryption. Client-side encryption is there to prevent leakage during transmission. Of course, if SSL is used the transmission is already encrypted, so encrypting the password is really just a little extra insurance.

CodePudding user response:

Quoting the reply by north north I on the third floor:
Quote: quoting the original poster, singing sound Amadues:
If it is encrypted (MD5), how does the server side judge whether the current password is plaintext or has already been encrypted?


I don't understand. Why not have the server check the database directly to see whether it is plaintext or ciphertext?

This is registration; the database has not saved the password yet.
The server has to do the final check here; data from the front end cannot be trusted.

CodePudding user response:

The client encrypts with a public key, the server decrypts, and the database stores an irreversible MD5.

CodePudding user response:

Quoting the reply by dkwuxiang on the 6th floor:
The client encrypts with a public key, the server decrypts, and the database stores an irreversible MD5.

This brother is right.

CodePudding user response:

Quoting the reply by singing sound Amadues on the fifth floor:
Quote: quoting the reply by north north I on the third floor:
Quote: quoting the original poster, singing sound Amadues:
If it is encrypted (MD5), how does the server side judge whether the current password is plaintext or has already been encrypted?


I don't understand. Why not have the server check the database directly to see whether it is plaintext or ciphertext?

This is registration; the database has not saved the password yet.
The server has to do the final check here; data from the front end cannot be trusted.


See is the front we do a check
What you describe is public-key encryption on the front end, with the back end decrypting and then storing, like the poster upstairs said.

CodePudding user response:

Use the POST method, send in plaintext, and do the encryption and authentication on the back end.

CodePudding user response:

If nothing at all is done, it is plaintext; whether it is MD5 depends on whether your front end applied MD5.

HTTPS is actually available; where there is no HTTPS, password encryption will also need to use symmetric or asymmetric encryption. What the server does before depositing the password in the database is just to guard against insiders; that algorithm is certainly not suitable for exposure to the client, in particular the salting and so on.

CodePudding user response:

Password handling should be designed according to the required security grade. A password is private, sensitive information. From the point of view of the user's safety, no system should store or transmit passwords in plaintext, or in a ciphertext form that can be decrypted (on the client or the server); it should only save hash information that can be checked (not decrypted). Anywhere a password can be entered, it should immediately be hashed into a hash value and then transmitted through an encrypted channel. Such handling solves three problems:
1. The password is plaintext only in the human-machine interface program; everywhere else it is ciphertext (hash), which prevents malicious programs from hijacking and stealing it.
2. The network transmission channel is encrypted, which prevents hackers from stealing it by monitoring the network.
3. No one can obtain or reverse the plaintext password from the static data in the system.

As for a forgotten password, there can only be "reset password"; there is no such thing as "get password".
If the client or server records the plaintext password, or a ciphertext that can be decrypted, the design does not conform to the requirements of high-security systems such as banks, because insiders can steal user information.

Remember: any automatic login system is not safe.

CodePudding user response:

The plaintext password does not need to reach the server; the server just needs to know the password's hash value.
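
An added example, not code from any poster in this thread: a server-side sketch of the design discussed above, in which the client sends a hash over the encrypted channel and the server stores only a non-reversible value. It treats whatever arrives as an opaque secret and applies its own salted, slow hash, and it compares that with a table that keeps the client's hash unchanged. The function names, the SHA-256 pre-hash, the PBKDF2 work factor and the sample credentials are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example

def client_prehash(username: str, password: str) -> str:
    """What a front end might send instead of the raw password (hypothetical scheme)."""
    return hashlib.sha256(f"{username}:{password}".encode()).hexdigest()

def _stretch(submitted: str, salt: bytes) -> bytes:
    # Server-side salted, slow hash. `submitted` is an opaque secret, so the
    # server never has to tell whether the client sent plaintext or a pre-hash.
    return hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, ITERATIONS)

def register(db: dict, username: str, submitted: str) -> None:
    salt = os.urandom(16)  # fresh random salt per account
    db[username] = (salt, _stretch(submitted, salt))

def login(db: dict, username: str, submitted: str) -> bool:
    record = db.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _stretch(submitted, salt))

# Weak variant for comparison: the table keeps the client's hash as it arrived.
def register_weak(db: dict, username: str, submitted: str) -> None:
    db[username] = submitted

def login_weak(db: dict, username: str, submitted: str) -> bool:
    return hmac.compare_digest(db.get(username, ""), submitted)

def demo() -> dict:
    sent = client_prehash("alice", "correct horse")  # constructed sample credentials
    strong, weak = {}, {}
    register(strong, "alice", sent)
    register_weak(weak, "alice", sent)
    row_weak = weak["alice"]               # what someone reading the weak table sees
    row_strong = strong["alice"][1].hex()  # what someone reading the strong table sees
    return {
        "strong_ok": login(strong, "alice", sent),
        "strong_wrong_pw": login(strong, "alice", client_prehash("alice", "guess")),
        "weak_row_accepted_as_login": login_weak(weak, "alice", row_weak),
        "strong_row_accepted_as_login": login(strong, "alice", row_strong),
    }

if __name__ == "__main__":
    print(demo())
```

In the weak table the stored value is itself sufficient to log in, so the client-side hash has simply become the password; with the server-side salted hash, a stored row cannot be submitted in place of the credential.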