Summary of the invention
In view of this, the present application provides an encrypted storage method and apparatus.
Specifically, the present application is implemented through the following technical solutions:
An encrypted storage method, the method comprising:
calculating a salted hash value of a plaintext password;
merging the salted hash value and the corresponding random salt value according to a preset rule, to obtain the ciphertext password corresponding to the plaintext password;
storing the ciphertext password.
Further, calculating the salted hash value of the plaintext password comprises:
performing a hash operation on the plaintext password to obtain a first hash value;
adding the random salt value to the first hash value to obtain a second hash value;
performing a hash operation on the second hash value to obtain the salted hash value.
Further, merging the salted hash value and the corresponding random salt value according to the preset rule, to obtain the ciphertext password corresponding to the plaintext password, comprises:
dividing the number of characters in the salted hash value by the number of characters in the random salt value to obtain a quotient N;
inserting the characters of the random salt value, in order, into the salted hash value after the character at position i × N, to obtain the ciphertext password corresponding to the plaintext password;
wherein N is a natural number greater than or equal to 1, i is a natural number starting from 1, and the maximum value of i is the number of characters in the random salt value.
Further, the method also comprises:
after receiving a plaintext password to be verified, parsing the random salt value corresponding to the ciphertext password out of the stored ciphertext password;
calculating, according to the parsed random salt value, the ciphertext password to be verified that corresponds to the plaintext password to be verified;
confirming that verification passes when the ciphertext password to be verified is consistent with the stored ciphertext password.
Further, parsing the random salt value corresponding to the ciphertext password out of the stored ciphertext password comprises:
subtracting the number of characters in the salted hash value from the number of characters in the ciphertext password to obtain the number of characters in the random salt value;
dividing the number of characters in the salted hash value by the number of characters in the random salt value to obtain a quotient M;
extracting, in order, the character at position i × (M+1) of the ciphertext password to obtain the random salt value;
wherein M is a natural number greater than or equal to 1, i is a natural number starting from 1, and the maximum value of i is the number of characters in the random salt value.
An encrypted storage apparatus, the apparatus comprising:
a first computing unit, which calculates a salted hash value of a plaintext password;
a salt merging unit, which merges the salted hash value and the corresponding random salt value according to a preset rule, to obtain the ciphertext password corresponding to the plaintext password;
a password storage unit, which stores the ciphertext password.
Further, the first computing unit comprises:
a first hash subunit, which performs a hash operation on the plaintext password to obtain a first hash value;
a random salting subunit, which adds the random salt value to the first hash value to obtain a second hash value;
a second hash subunit, which performs a hash operation on the second hash value to obtain the salted hash value.
Further, the salt merging unit specifically divides the number of characters in the salted hash value by the number of characters in the random salt value to obtain a quotient N; inserts the characters of the random salt value, in order, into the salted hash value after the character at position i × N, to obtain the ciphertext password corresponding to the plaintext password; wherein N is a natural number greater than or equal to 1, i is a natural number starting from 1, and the maximum value of i is the number of characters in the random salt value.
Further, the apparatus also comprises:
a salt value parsing unit, which, after a plaintext password to be verified is received, parses the random salt value corresponding to the ciphertext password out of the stored ciphertext password;
a second computing unit, which calculates, according to the parsed random salt value, the ciphertext password to be verified that corresponds to the plaintext password to be verified;
a password verification unit, which confirms that verification passes when the ciphertext password to be verified is consistent with the stored ciphertext password.
Further, the salt value parsing unit specifically subtracts the number of characters in the salted hash value from the number of characters in the ciphertext password to obtain the number of characters in the random salt value; divides the number of characters in the salted hash value by the number of characters in the random salt value to obtain a quotient M; extracts, in order, the character at position i × (M+1) of the ciphertext password to obtain the random salt value; wherein M is a natural number greater than or equal to 1, i is a natural number starting from 1, and the maximum value of i is the number of characters in the random salt value.
As can be seen from the above description, the present application generates the ciphertext password corresponding to the plaintext password by merging the salted hash value with the corresponding random salt value, so the random salt value does not need to be stored; this increases the difficulty of cracking the ciphertext password and thereby protects the security of the user account.
Detailed description of the invention
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. When the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the present application as detailed in the appended claims.
The terms used in the present application are for the purpose of describing particular embodiments only and are not intended to limit the present application. The singular forms "a", "said" and "the" used in the present application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present application to describe various kinds of information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present application, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of", "when" or "in response to determining".
To address the above problems, the present application provides an encrypted storage scheme that can effectively strengthen the security of user accounts.
Referring to Fig. 1, the present application provides an encrypted storage method, which can be applied on a server and comprises the following steps:
Step 101: calculate the salted hash value of the plaintext password.
In this embodiment, a hash operation can first be performed on the plaintext password set by the user to obtain a first hash value; the first hash value can then be salted, and a hash operation is performed again on the salted first hash value to obtain the salted hash value.
Step 102: merge the salted hash value and the corresponding random salt value according to a preset rule, to obtain the ciphertext password corresponding to the plaintext password.
In this embodiment, the random salt value corresponding to the salted hash value can be added into the salted hash value according to a preset reversible rule, to obtain the ciphertext password corresponding to the plaintext password. In this way the random salt value is not stored when the ciphertext password is saved, which increases the difficulty of cracking the ciphertext password.
Step 103: store the ciphertext password.
As can be seen from the above description, the present application generates the ciphertext password corresponding to the plaintext password by merging the salted hash value with the corresponding random salt value, so the random salt value does not need to be stored; this increases the difficulty of cracking the ciphertext password and thereby protects the security of the user account.
Referring to Fig. 2, the present application provides another encrypted storage method, which can be applied on a server and comprises the following steps:
Step 201: perform a hash operation on the plaintext password to obtain a first hash value.
For account login, a user generally needs to set a corresponding password, which is used for subsequent identity authentication. In this embodiment, to ensure the security of the user account, the server does not store the plaintext password directly after receiving the plaintext password set by the user, but performs a hash operation on the plaintext password to obtain a first hash value. Specifically, hash algorithms such as MD4 and MD5 can be used in this step; the present application places no particular limitation on this.
Step 202: add the random salt value to the first hash value to obtain a second hash value.
Based on step 201, after the first hash value of the plaintext password is obtained, the first hash value can be salted once to obtain the second hash value. For example, a random number generator can generate a random salt value (RandomSaltValue), which is then appended after the first hash value to obtain the second hash value. The number of characters in the random salt value can also vary at random, for example 6 or 7; the present application places no particular limitation on this.
For example, referring to Fig. 3, assume that the plaintext password set by the user is 123456 and that the hash algorithm used in step 201 is MD5. The first hash value obtained in step 201 is then the 32-character value E10ADC3949BA59ABBE56E057F20F883E. Assume further that the random salt value generated in this step is 654321. Appending the random salt value after the first hash value forms the second hash value: E10ADC3949BA59ABBE56E057F20F883E654321.
Step 203: perform a hash operation on the second hash value to obtain the salted hash value.
In this embodiment, the hash operation on the second hash value can use the same hash algorithm as step 201; it can of course also use a hash algorithm different from that of step 201. The present application places no particular limitation on this.
Still taking MD5 as an example and referring to Fig. 4, performing one more hash operation on the second hash value from the example in step 202 gives the following salted hash value: 193C2DCB6D290219A4CC5A78210680CB.
Step 204: merge the salted hash value and the corresponding random salt value according to a preset rule, to obtain the ciphertext password corresponding to the plaintext password.
Based on step 203, after the salted hash value is obtained, the salted hash value and the corresponding random salt value are merged, and the value obtained after merging is used as the ciphertext password corresponding to the plaintext password set by the user.
In this step, any reversible rule can be used to merge the salted hash value and its corresponding random salt value. For example, each character of the random salt value is inserted one by one into the salted hash value according to a preset rule.
Specifically, referring to Fig. 5, merging the salted hash value and the corresponding random salt value according to the preset rule, to obtain the ciphertext password corresponding to the plaintext password, can include:
Step 2041: divide the number of characters in the salted hash value by the number of characters in the random salt value to obtain a quotient N.
Still taking MD5 as an example, the salted hash value obtained from the MD5 algorithm is a fixed-length string of 32 characters. In this step, the number of characters in the salted hash value is divided by the number of characters in the random salt value to obtain a quotient N, where N is a natural number greater than or equal to 1. Still taking the random salt value 654321 as an example, the random salt value has 6 characters, so the quotient N obtained from 32 ÷ 6 is 5.
Step 2042: insert the characters of the random salt value, in order, into the salted hash value after the character at position i × N, to obtain the ciphertext password corresponding to the plaintext password.
Based on step 2041, after the quotient N is obtained, the characters of the random salt value are inserted in order into the salted hash value after the character at position i × N, where i is a natural number starting from 1 and the maximum value of i is the number of characters in the random salt value. In other words, one character of the random salt value is inserted after every N characters of the salted hash value.
Referring to Fig. 6, the plaintext password is 123456, the random salt value is 654321, the value of N is 5, and the salted hash value calculated in step 203 is 193C2DCB6D290219A4CC5A78210680CB. In this step, i takes the values 1 to 6. After the characters 6, 5, 4, 3, 2, 1 of the random salt value are inserted in order after the 5th, 10th, 15th, 20th, 25th and 30th characters of the salted hash value, the resulting ciphertext password is 193C26DCB6D52902149A4CC35A7822106801CB. In the ciphertext password shown in Fig. 6, the underlined characters are the characters of the random salt value.
Of course, those skilled in the art can also merge the salted hash value and its corresponding random salt value in other ways. For example, several characters of the random salt value can be inserted at intervals of a preset number of characters in the salted hash value. The present application places no particular limitation on this.
Step 205: store the ciphertext password.
Based on step 204, after the ciphertext password corresponding to the plaintext password is obtained, the ciphertext password is stored. Specifically, in the present application, step 204 merges the random salt value that was added while calculating the ciphertext password into the ciphertext password itself, so the random salt value no longer needs to be stored separately in this step. This effectively prevents an attacker from cracking the corresponding ciphertext password with the help of a stored random salt value, and further strengthens the security of the user account.
Step 206: after receiving a plaintext password to be verified, parse the random salt value corresponding to the ciphertext password out of the stored ciphertext password.
In this embodiment, when the server receives a login instruction from the user, it verifies the plaintext password to be verified that the user entered. If this plaintext password is consistent with the password set by the user, verification is confirmed as passed; if it is inconsistent, verification fails.
Based on the password storage scheme of steps 201 to 205, after receiving the plaintext password to be verified, the server first parses the corresponding random salt value out of the stored ciphertext password.
Specifically, the random salt value can be parsed out by reversing the reversible rule used in step 204. Taking the merging method shown in Fig. 5 as an example and referring to Fig. 7, parsing the random salt value corresponding to the ciphertext password out of the stored ciphertext password can comprise the following steps:
Step 2061: subtract the number of characters in the salted hash value from the number of characters in the ciphertext password to obtain the number of characters in the random salt value.
In this step, because the salted hash value is a fixed-length string of 32 characters, the number of characters in the salted hash value can be subtracted from the number of characters in the ciphertext password to obtain the number of characters in the random salt value.
Taking the ciphertext password shown in Fig. 6 as an example, the ciphertext password has 38 characters, and 38 - 32 gives 6 as the number of characters in the random salt value.
Step 2062: divide the number of characters in the salted hash value by the number of characters in the random salt value to obtain a quotient M.
In this step, the number of characters in the salted hash value is divided by the number of characters in the random salt value obtained in step 2061 to obtain a quotient M, where M is a natural number greater than or equal to 1.
Specifically, continuing the example from step 2061, the salted hash value has 32 characters and the random salt value has 6 characters, so 32 ÷ 6 gives a quotient M of 5.
Step 2063: extract, in order, the character at position i × (M+1) of the ciphertext password to obtain the random salt value.
Based on step 2062, after the quotient M is obtained, the character at position i × (M+1) of the ciphertext password is extracted in order to obtain the random salt value, where i is a natural number starting from 1 and the maximum value of i is the number of characters in the random salt value. That is, the 6th, 12th, 18th, 24th, 30th and 36th characters of the ciphertext password shown in Fig. 6 are extracted in order, which yields the characters 654321 from the ciphertext password; the random salt value is therefore 654321.
Step 207: calculate, according to the parsed random salt value, the ciphertext password to be verified that corresponds to the plaintext password to be verified.
Based on step 206, after the server receives the plaintext password to be verified and parses the random salt value out of the stored ciphertext password, the server can calculate the ciphertext password to be verified that corresponds to the plaintext password to be verified by following the same process used in steps 201 to 204 to calculate the ciphertext password of the plaintext password set by the user. Details are not repeated here.
Step 208: when the ciphertext password to be verified is consistent with the stored ciphertext password, confirm that verification passes.
In this step, it is judged whether the ciphertext password to be verified calculated in step 207 is consistent with the stored ciphertext password. If they are consistent, verification is confirmed as passed; if they are inconsistent, verification is confirmed as not passed.
As can be seen from the above description, the present application generates the ciphertext password corresponding to the plaintext password by merging the salted hash value with the corresponding random salt value, so the random salt value does not need to be stored; this increases the difficulty of cracking the ciphertext password and thereby protects the security of the user account.
Corresponding to the embodiments of the encrypted storage method of the present application, the present application also provides an encrypted storage apparatus. The apparatus described here can be implemented in software, in hardware, or in a combination of software and hardware. Taking a software implementation as an example, the apparatus of the present application, as an apparatus in the logical sense, is formed when the processor of the device on which it resides reads the corresponding computer program instructions from non-volatile memory into main memory and runs them.
Referring to Fig. 8 and Fig. 9, the present application provides an encrypted storage apparatus 800, which can be applied on the server side and includes: a first computing unit 801, a salt merging unit 802, a password storage unit 803, a salt value parsing unit 804, a second computing unit 805 and a password verification unit 806. The first computing unit 801 can further include: a first hash subunit 8011, a random salting subunit 8012 and a second hash subunit 8013.
The first computing unit 801 calculates the salted hash value of the plaintext password.
The salt merging unit 802 merges the salted hash value and the corresponding random salt value according to a preset rule, to obtain the ciphertext password corresponding to the plaintext password.
The password storage unit 803 stores the ciphertext password.
The first hash subunit 8011 performs a hash operation on the plaintext password to obtain a first hash value.
The random salting subunit 8012 adds the random salt value to the first hash value to obtain a second hash value.
The second hash subunit 8013 performs a hash operation on the second hash value to obtain the salted hash value.
Further, the salt merging unit 802 specifically divides the number of characters in the salted hash value by the number of characters in the random salt value to obtain a quotient N; inserts the characters of the random salt value, in order, into the salted hash value after the character at position i × N, to obtain the ciphertext password corresponding to the plaintext password; wherein N is a natural number greater than or equal to 1, i is a natural number starting from 1, and the maximum value of i is the number of characters in the random salt value.
The salt value parsing unit 804, after a plaintext password to be verified is received, parses the random salt value corresponding to the ciphertext password out of the stored ciphertext password.
The second computing unit 805 calculates, according to the parsed random salt value, the ciphertext password to be verified that corresponds to the plaintext password to be verified.
The password verification unit 806 confirms that verification passes when the ciphertext password to be verified is consistent with the stored ciphertext password.
Further, the salt value parsing unit 804 specifically subtracts the number of characters in the salted hash value from the number of characters in the ciphertext password to obtain the number of characters in the random salt value; divides the number of characters in the salted hash value by the number of characters in the random salt value to obtain a quotient M; extracts, in order, the character at position i × (M+1) of the ciphertext password to obtain the random salt value; wherein M is a natural number greater than or equal to 1, i is a natural number starting from 1, and the maximum value of i is the number of characters in the random salt value.
For the implementation of the functions and roles of each unit in the above apparatus, refer to the implementation of the corresponding steps in the above method; details are not repeated here.
The above are only preferred embodiments of the present application and are not intended to limit it. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present application shall fall within the scope of protection of the present application.