使用一般的 MD5 直接对密码进行散列(MD5 是散列算法,并不是加密),黑客可以通过查找预先计算好的散列值字典,来得到用户的密码。
加 Salt 可以解决这个问题:当用户登录时,系统先给用户提供的密码加上 Salt 值,再进行散列,然后与保存的散列值进行比较。
package com.yuu.mall.util;import java.security.MessageDigest;/*** Created by yuu*/
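/**
 * Produces upper-case hexadecimal MD5 digests of strings.
 *
 * <p>NOTE(security): this class is used on the page to hash passwords. MD5 is a
 * fast general-purpose digest and the value appended in {@link #MD5EncodeUtf8}
 * is one fixed string shared by every user, so two users with the same password
 * get the same digest. For new code, store passwords with a dedicated password
 * hashing function (bcrypt, scrypt, Argon2 or PBKDF2) and a random salt per
 * user. The output of this class is kept unchanged so that digests that were
 * already stored still verify.
 */
public class MD5Util {

    /** Lower-case hexadecimal digits, indexed by nibble value (0-15). */
    private static final String hexDigits[] = {"0", "1", "2", "3", "4", "5",
            "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"};

    /**
     * Fixed value appended to every input of {@link #MD5EncodeUtf8}.
     *
     * <p>NOTE(security): hard-coded in source and identical for all users; anyone
     * who can read the code or the build artifact knows it. Prefer a random
     * per-user salt stored next to the hash, and keep any application-wide
     * secret in configuration rather than in the source tree.
     */
    private static final String FIXED_SALT = "yuusdafaqj23ou89ZXcj@#$@#$#@KJdjklj;D../dSF.,";

    /**
     * Converts a byte array to its lower-case hexadecimal representation.
     *
     * @param b bytes to convert
     * @return two hexadecimal characters per input byte, in input order
     */
    private static String byteArrayToHexString(byte b[]) {
        // Single-threaded local buffer: StringBuilder is sufficient, presized to the result length.
        StringBuilder hex = new StringBuilder(b.length * 2);
        for (byte value : b) {
            hex.append(byteToHexString(value));
        }
        return hex.toString();
    }

    /**
     * Converts one byte to two lower-case hexadecimal characters.
     *
     * @param b byte to convert (treated as unsigned)
     * @return the high nibble followed by the low nibble
     */
    private static String byteToHexString(byte b) {
        int unsigned = b & 0xFF; // map -128..127 onto 0..255
        return hexDigits[unsigned >>> 4] + hexDigits[unsigned & 0x0F];
    }

    /**
     * Returns the upper-case hexadecimal MD5 digest of a string.
     *
     * @param origin      text to hash; must not be {@code null}
     * @param charsetname charset used to encode {@code origin}; {@code null} or
     *                    empty selects UTF-8 so the digest does not depend on the
     *                    platform default charset
     * @return 32 upper-case hexadecimal characters
     * @throws NullPointerException  if {@code origin} is {@code null}
     * @throws IllegalStateException if the charset is not supported or the MD5
     *                               algorithm is not available
     */
    private static String MD5Encode(String origin, String charsetname) {
        if (origin == null) {
            throw new NullPointerException("origin");
        }
        String effectiveCharset =
                (charsetname == null || "".equals(charsetname)) ? "UTF-8" : charsetname;

        // Fail loudly instead of swallowing the error: the previous empty catch
        // fell through and returned the *input text itself* in upper case, which
        // for a password means the plaintext would be stored as the "hash".
        final byte[] input;
        try {
            input = origin.getBytes(effectiveCharset);
        } catch (java.io.UnsupportedEncodingException e) {
            throw new IllegalStateException("Unsupported charset: " + charsetname, e);
        }

        final MessageDigest md;
        try {
            md = MessageDigest.getInstance("MD5");
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 MessageDigest is not available", e);
        }

        // Locale.ROOT keeps the case conversion independent of the default locale.
        return byteArrayToHexString(md.digest(input)).toUpperCase(java.util.Locale.ROOT);
    }

    /**
     * Returns the upper-case hexadecimal MD5 digest of {@code origin} followed by
     * the fixed salt, encoded as UTF-8.
     *
     * <p>A {@code null} argument is not rejected: Java string concatenation turns
     * it into the text {@code "null"} before hashing, so callers should validate
     * the input themselves.
     *
     * @param origin text to hash, typically the password supplied by the user
     * @return 32 upper-case hexadecimal characters
     */
    public static String MD5EncodeUtf8(String origin) {
        return MD5Encode(origin + FIXED_SALT, "utf-8");
    }
}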
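下面这句就是加 Salt。注意这里的 Salt 是写死在代码里的固定值,所有用户共用,只能让通用的散列值字典失效;更稳妥的做法是为每个用户生成随机 Salt,并使用 bcrypt、scrypt、Argon2 或 PBKDF2 这类专门的密码散列算法。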
origin = origin + "yuusdafaqj23ou89ZXcj@#$@#$#@KJdjklj;D../dSF.,";