Microservice Development
Create a microservice project. All project microservices will reside within this project. Create joyshop_srv. Since we are not creating a user login and registration service, we will create another directory under the project directory:user_srv and user_srv/global (global object creation and initialization)user_srv/handler (business logic code)user_srv/model (user-related models)user_srv/proto (user-related models)main.go service startup file
We use MD5 encryption for passwords.
1. Message Digest Algorithm 5 (MD5) Information Digest Algorithm
MD5 is a common hashing algorithm with the following main characteristics:
-
Compressibility
For data of any length, the calculated MD5 value will always have a fixed length. -
Ease of Computation
It is very easy to compute the MD5 value from the original data. -
Modification Resistance
Any modification to the original data, even a single byte, will result in a significantly different MD5 value. -
Strong Collision Resistance
It is extremely difficult to find two different pieces of data that produce the same MD5 value. -
Irreversibility
It is irreversible; the original data cannot be recovered from an MD5 value.
MD5 Salt Encryption
1. Purpose of Salting
To enhance the security of MD5 encryption and prevent rainbow table attacks, a "salt" value is typically added to the original data before MD5 encryption.
2. Salting Methods
- Combine by generating a random number and an MD5-generated string
- Concatenate the randomly generated salt value with the original password before performing MD5 encryption.
- E.g.:
md5( password + salt ) - Store both MD5 value and salt value in the database
- During registration: Generate a salt, compute the salted MD5, and store both in the database.
- During verification: Retrieve the salt, re-encrypt, and compare the MD5 values.
// 设置加密参数
options := &password.Options{
SaltLen: 16,
Iterations: 100,
KeyLen: 32,
HashFunction: sha512.New,
}
// 1. 加密
salt, encodedPwd := password.Encode("your_password", options)
final := fmt.Sprintf("$pbkdf2-sha512$%s$%s", salt, encodedPwd)
// 2. 拆分(模拟从数据库读取)
parts := strings.Split(final, "$")
saltFromDb := parts[2]
hashFromDb := parts[3]
// 3. 验证
ok := password.Verify("your_password", saltFromDb, hashFromDb, options)
fmt.Println("验证是否通过:", ok)
主题测试文章,只做测试使用。发布者:Walker,转转请注明出处:https://www.walker-learn.xyz/archives/4779
