哈希算法
- 明文 对应 密文 (摘要)张先生 对应 ZXS
- 雪崩效应 小小变化导致巨变
- 密文 明文无法反推
- 密钥固定长度 md5 sha1 sha256
加盐salt
let password = '123456'
let salt = '@Key!@#'
let lastPwd = md5(password + salt)
//保存:
把salt 和 lastPwd 一起保存如数据库
//读取
salt 和 lastPwd一起传入查询
常用的后台加密写法
egg加密方式
//app/controller/user.js
const md5 = require('md5')
const BaseController = require('./base')
const HashSalt = ':Kaikeba@good!@123' //加盐
class UserController extends BaseController {
async login() {
// this.success('token')
const { ctx, app } = this
const { email, passwd } = ctx.request.body
//通过加盐后才查询数据库
const user = await ctx.model.User.findOne({
email,
passwd: md5(passwd + HashSalt),
})
if (!user) {
return this.error('用户名密码错误')
}
.......
// this.success({ token, email, nickname: user.nickname })
}
}
module.exports = UserController
加密方法
password.js
const crypto = require('crypto')//使用加密库
const hash = (type,str) => crypto.createHash(type).update(str).digest('hex')
const md5 = str => hash('md5',str)
const sha1 = str => hash('sha1',str)
const encryptPassword = (salt,password) => md5(salt + 'asdbe!@#@432' + password)
const psw = '111111'
// console.log('md5',md5(psw))
// console.log('sha1',sha1(psw))
// console.log('encryptPssword',encryptPassword(psw))
module.exports = encryptPassword
测试代码
sqlTest.js
(async () => {
const query = require('./db')
const encryptPassword = require('./password')
let sql = `
SELECT *
FROM test.user
`
const res = await query(sql)
const saltDb = async record => {
sql = `
update test.user
set salt = ? ,
password = ?
where username = ?
`
//注意这里每次都动态生成salt ,同时记录,用于下次查询使用
const salt = Math.random() * 999999 + '' + new Date().getTime()
console.log('salt:', salt)
console.log('username:', record.username)
await query(sql, [salt, encryptPassword(salt, record.password), record.username])
}
res.forEach(v => saltDb(v))
console.log('end',res)
})()
