CN110943837A - User password encryption method based on improved MD5 encryption algorithm - Google Patents

User password encryption method based on improved MD5 encryption algorithm Download PDF

Info

Publication number
CN110943837A
CN110943837A CN201911280697.1A CN201911280697A CN110943837A CN 110943837 A CN110943837 A CN 110943837A CN 201911280697 A CN201911280697 A CN 201911280697A CN 110943837 A CN110943837 A CN 110943837A
Authority
CN
China
Prior art keywords
password
algorithm
user
encryption
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911280697.1A
Other languages
Chinese (zh)
Other versions
CN110943837B (en
Inventor
陈虹
张子浩
刘雨朦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Liaoning Technical University
Original Assignee
Liaoning Technical University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Liaoning Technical University filed Critical Liaoning Technical University
Priority to CN201911280697.1A priority Critical patent/CN110943837B/en
Publication of CN110943837A publication Critical patent/CN110943837A/en
Application granted granted Critical
Publication of CN110943837B publication Critical patent/CN110943837B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a user password encryption method based on an improved MD5 encryption algorithm, and relates to the technical field of information security. Firstly, encrypting a password input during user registration through an MD5 algorithm to obtain initial encrypted data, then generating a random number through an elliptic curve, sending the random number into a pseudo-random number generator, generating a random character string by the elliptic curve and the pseudo-random number generator together, and generating new encrypted data as a message digest to be stored in a database after bitwise XOR with the encrypted data generated by the MD5 algorithm. And when the user logs in again, encrypting the input password, and comparing and verifying the encrypted ciphertext with the ciphertext stored in the database. The method is based on the improved MD5 encryption algorithm, and random character strings are added for XOR operation after the original MD5 algorithm is operated, so that the randomness and the collision resistance of the algorithm are improved, the safety of the algorithm is improved, and exhaustion attack, birthday attack and differential attack can be effectively resisted.

Description

User password encryption method based on improved MD5 encryption algorithm
Technical Field
The invention relates to the technical field of information security, in particular to a user password encryption method based on an improved MD5 encryption algorithm.
Background
With the development of computer and internet technologies, a large number of websites and APP services all require users to register, and the users are required to set passwords during registration; the user password plays a good role in protecting the relevant information of the user. However, in recent years, many enterprises have user information leakage events, and the leaked data is not encrypted or is encrypted in a weak manner, so that hackers can restore the original user password. Information leakage events, which have been exposed to light at present, are at least hundreds, including many front-line internet companies, which leak over 10 billion pieces of total data.
The MD5 encryption algorithm is widely applied to important fields such as file verification, transaction verification, account comparison, message verification and the like, and has very important significance for protecting website data and preventing exposure of private privacy data. The MD5 algorithm has irreversibility and uniqueness, but as the message digest length of the MD5 is only 128 bits, the collision phenomenon inevitably occurs while the file size is gradually increased, an attacker can always find one or more groups of plain texts in a short time by using the hash collision attack to enable the message digest values of the MD5 to be equal, and the safety of the MD5 is threatened.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a user password encryption method based on an improved MD5 encryption algorithm to realize encryption and decryption of a user password, in order to overcome the above disadvantages of the prior art.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows: a user password encryption method based on an improved MD5 encryption algorithm comprises the following steps:
step 1: inputting a password when a user registers, and encrypting the password through an MD5 algorithm to obtain encrypted data Q;
step 2: generating a random number through elliptic curve encryption; recording the current system time as d, generating dynamic information according to the system time d, sending the dynamic information into an elliptic curve for encryption, and after the elliptic curve is encrypted, randomly selecting an encrypted point set G from the elliptic curven(1, 1) removing points on the axis of abscissa and axis of ordinate and points at infinity, then randomly taking a group of coordinate points and extending the coordinate points to 64 bits, and marking as e and f;
and step 3: running pseudo-randomThe number generator generates a random string; system generated key K using e and f as input to pseudo-random number generator1And K2Pseudo-random number R generated as a key run generatoriAnd new seed Vi+1Merging to generate a 128-bit character string which is marked as R;
and 4, step 4: carrying out bitwise XOR on the random character string generated in the step3 and the encrypted data obtained in the step1 to obtain an encrypted user password; carrying out bitwise XOR on the character strings Q and R to generate a new 128-bit cipher text serving as an information abstract, namely an encrypted user password, and carrying out bitwise XOR on the d, K1,K2Storing the encrypted user password and the corresponding password storage field of the user in a database at the same time to finish the encryption of the user password;
and 5: when the user logs in again, the user encrypts the input password by the steps of steps 1-4, wherein d, K1And K2Extracting from a database for operation; and comparing the encrypted ciphertext with the ciphertext stored in the database, and if the encrypted ciphertext is the same as the ciphertext stored in the database, judging that the password of the user is correct.
Adopt the produced beneficial effect of above-mentioned technical scheme to lie in: according to the user password encryption verification method based on the improved MD5 encryption algorithm, based on the improved MD5 encryption algorithm, random character strings are added after the operation of the original MD5 algorithm to perform XOR operation, the randomness and the collision resistance of the algorithm are improved, the safety of the algorithm is improved, and the exhaustive attack, the birthday attack and the differential attack can be effectively resisted.
Drawings
Fig. 1 is a flowchart of a user password encryption method based on an improved MD5 encryption algorithm according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an MD5 encryption algorithm provided by an embodiment of the present invention;
FIG. 3 is a main loop diagram of an MD5 encryption algorithm provided by an embodiment of the present invention;
FIG. 4 is a diagram illustrating an implementation of an MD5 encryption algorithm according to an embodiment of the present invention;
FIG. 5 is an elliptic curve y provided by an embodiment of the present invention2=x3+ x +1 diagramLike a graph;
fig. 6 is a schematic structural diagram of an ANSI X9.17 pseudo-random number generator according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
In this embodiment, a user password encryption method based on an improved MD5 encryption algorithm, as shown in fig. 1, includes the following steps:
step 1: inputting a password when a user registers, and encrypting the password through an MD5 algorithm to obtain encrypted data Q;
the basic principle of MD5 is to group data information with finite length in units of 512 bits, divide each group into 16 32-bit sub-groups, and after four rounds of operations, output four 32-bit cascade to form a 128-bit hash value as an information digest, the principle of MD5 encryption algorithm is shown in fig. 2, and the specific steps are as follows:
step 1: filling information; grouping by taking 512 bits as a unit, enabling the message length to be a multiple of 512 minus 64, namely filling 1 and N0, enabling the length of input information to be Nx 512+448(bit), and reserving the last 64 bits;
step 2: storing the original message and complementing the last 64 bits; writing the length of original data before filling into 64 bits reserved in Step1 in binary representation, wherein the information length is changed into Nx 512+448+64 ═ N +1 × 512 (bit);
step 3: initializing an MD5 cache area; four 32-bit chain variables contained in the MD5 algorithm are initialized, respectively:
A=0x23456789
B=0x89FEDCBA
C=0xABCDEF98
D=0x98765432
step 4: grouping processing data and four-wheel cycle operation; the first packet copies the four chain variables into the other 4 variables: a to a, B to B, C to C, D to D; the variables from the second packet are the result of the operation of the previous packet, i.e., a, B, C, and D. The main cycle has four rounds with each round being substantially identical as shown in figure 3. The implementation is shown in fig. 4, i.e. taking three of a, b, c, d as a non-linear function operation, adding the result with a fourth variable and a sub-group of text and a constant, then left shifting the result by an indefinite number, adding one of a, b, c or d, and replacing one of a, b, c or d with the result, the non-linear function used in the operation is shown in table 1, and one is used in each round.
TABLE 1 nonlinear function
F(X,Y,Z)=(X&Y)|((~X)&Z) Function of F
G(X,Y,Z)=(X&Z)|(Y&(~Z)) G function
H(X,Y,Z)=X^Y^Z H function
I(X,Y,Z)=Y^(X|(~Z)) I function
Wherein: and is the AND operator, | is the OR operator, -is the non-operator, ^ is the XOR operator.
Step 5: and outputting the message abstract. After all the packets are processed, the output of the N +1 stage is the 128-bit message digest, i.e., the encrypted data Q.
Step 2: generating a random number through elliptic curve encryption; recording the current system time as d, generating dynamic information according to the system time d, sending the dynamic information into an elliptic curve for encryption, and adding the dynamic information into the elliptic curve through the elliptic curveAfter encryption, randomly selecting a point set G which is generated after encryption from the elliptic curven(1, 1) removing points on the axis of abscissa and axis of ordinate and points at infinity, then randomly taking a group of coordinate points and extending the coordinate points to 64 bits, and marking as e and f;
elliptic curve encryption takes an elliptic curve as a core and is a one-way irreversible public key cryptosystem. In the cipher, a curve over a finite field is common, that is, all coefficients are elements in a finite field gf (n) (where n is a large prime number). The most common of which is represented by the equation y2=x3+ax+b(a,b∈GF(n),4a3+27b2Not equal to 0). In this embodiment, a is 1, b is 1, i.e. the equation y is x3+ x +1, the image is a continuous curve as shown in FIG. 5, and G is setn(1, 1) represents a point set { (x, y) |0 ≦ x < n, 0 ≦ y < n, and x, y are integers } on the elliptic curve and an infinitely distant point O (O is an addition unit, i.e., G + O ═ G for any point G on the elliptic curve). Gn(1, 1) is produced by:
step 1: for each integer x (x is more than or equal to 0 and less than n), calculating x3+x+1(modn);
Step 2: it is determined whether or not there is a square root under the modulus n obtained at Step1, and if not, there is no point on the elliptic curve corresponding to x, and if so, two square roots are obtained (only one square root is obtained when y is 0).
Elliptic curve y on GF (n) in the manner described above2=x3+ x +1 in the first quadrant at the integer point plus the infinity point O
Figure BDA0002316660260000041
And (4) respectively. In this embodiment, a random number or other random code is generated in accordance with time, that is, a dynamic information is calculated as n, and the generated point set G is subjected to computationnIn (1, 1), a coordinate point is randomly selected after a point on the axis of abscissa (i.e., a point where x is 0 and y is 0) and a point at infinity are removed, and coordinate values of the coordinate points x and y are expanded into 64 bits, denoted as e and f, and used as an input of the pseudo-random number generator.
And step 3: running a pseudo-random number generator to generate a random string; using e and f as pseudo-random number generatorsInputting, system-generated secret key K1And K2Pseudo-random number R generated as a key run generatoriAnd new seed Vi+1Merging to generate a 128-bit character string which is marked as R;
the pseudo-random number generator based on ANSI X9.17 (the key management specification of financial institutions made by the american national standards institute) adopts the DES (Data Encryption Standard) Standard, which is one of the pseudo-random number generators having the highest cryptographic strength, as shown in fig. 6, in which DT is showniRepresenting the current date and time, EDE represents the triple DES for two keys, from figure 6 it can be seen that the operation of the pseudo-random number generator is divided into 3 parts:
step 1: inputting e and f generated by elliptic curves, where DTiRepresenting the current date and time, each time a number R is generatediAfter then DTiAre updated once; viThe initial value of the seed is set arbitrarily when the ith random number is generated, and the random number q is set in this embodiment and is automatically updated every time thereafter.
Step 2: a key. The pseudo-random number generator uses 3 triple DES encryptions, the 3 encryptions using the same two 56-bit key K1And K2These two keys are generated by the system in advance, must be kept secret and cannot be used for other purposes.
Step 3: and (6) outputting. Output as a 64-bit pseudo-random number RiAnd a 64-bit new seed Vi+1Wherein:
Figure BDA0002316660260000042
Figure BDA0002316660260000043
and 4, step 4: carrying out bitwise XOR on the random character string generated in the step3 and the encrypted data obtained in the step1 to obtain an encrypted user password; carrying out bitwise XOR on the character strings Q and R to generate a new 128-bit cipher text serving as an information abstract, namely an encrypted user password, and carrying out bitwise XOR on the d, K1,K2And encrypted user passwordMeanwhile, the password storage field of the corresponding user is stored in the database, and the encryption of the user password is completed;
and 5: when the user logs in again, the user encrypts the input password by the steps of steps 1-4, wherein d, K1And K2Extracting from a database for operation; and comparing the encrypted ciphertext with the ciphertext stored in the database, and if the encrypted ciphertext is the same as the ciphertext stored in the database, judging that the password of the user is correct.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit of the corresponding technical solutions and scope of the present invention as defined in the appended claims.

Claims (2)

1. A user password encryption method based on an improved MD5 encryption algorithm is characterized in that: firstly, a password input during user registration is encrypted through an MD5 algorithm to obtain initial encrypted data, then random numbers are generated through an elliptic curve and sent to a pseudo-random number generator, a random character string is generated by the elliptic curve and the pseudo-random number generator together, and new encrypted data generated by bitwise XOR with the encrypted data generated by the MD5 algorithm are stored in a database as a message digest.
2. The user password encryption method based on the improved MD5 encryption algorithm of claim 1, wherein: the method specifically comprises the following steps:
step 1: inputting a password when a user registers, and encrypting the password through an MD5 algorithm to obtain encrypted data Q;
step 2: generating a random number through elliptic curve encryption; recording the current system time as d, generating dynamic information according to the system time d, sending the dynamic information into an elliptic curve for encryption, encrypting the dynamic information by the elliptic curve, and randomly encrypting the dynamic information from the elliptic curveSelecting the point set G generated after encryptionn(1, 1) removing points on the axis of abscissa and axis of ordinate and points at infinity, then randomly taking a group of coordinate points and extending the coordinate points to 64 bits, and marking as e and f;
and step 3: running a pseudo-random number generator to generate a random string; system generated key K using e and f as input to pseudo-random number generator1And K2Pseudo-random number R generated as a key run generatoriAnd new seed Vi+1Merging to generate a 128-bit character string which is marked as R;
and 4, step 4: carrying out bitwise XOR on the random character string generated in the step3 and the encrypted data obtained in the step1 to obtain an encrypted user password; carrying out bitwise XOR on the character strings Q and R to generate a new 128-bit cipher text serving as an information abstract, namely an encrypted user password, and carrying out bitwise XOR on the d, K1,K2Storing the encrypted user password and the corresponding password storage field of the user in a database at the same time to finish the encryption of the user password;
and 5: when the user logs in again, the user encrypts the input password by the steps of steps 1-4, wherein d, K1And K2Extracting from a database for operation; and comparing the encrypted ciphertext with the ciphertext stored in the database, and if the encrypted ciphertext is the same as the ciphertext stored in the database, judging that the password of the user is correct.
CN201911280697.1A 2019-12-13 2019-12-13 User password encryption method based on improved MD5 encryption algorithm Active CN110943837B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911280697.1A CN110943837B (en) 2019-12-13 2019-12-13 User password encryption method based on improved MD5 encryption algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911280697.1A CN110943837B (en) 2019-12-13 2019-12-13 User password encryption method based on improved MD5 encryption algorithm

Publications (2)

Publication Number Publication Date
CN110943837A true CN110943837A (en) 2020-03-31
CN110943837B CN110943837B (en) 2023-06-06

Family

ID=69911255

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911280697.1A Active CN110943837B (en) 2019-12-13 2019-12-13 User password encryption method based on improved MD5 encryption algorithm

Country Status (1)

Country Link
CN (1) CN110943837B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019535A (en) * 2020-08-26 2020-12-01 北京信安世纪科技股份有限公司 Password authentication method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100166174A1 (en) * 2008-12-29 2010-07-01 Lahouari Ghouti Hash functions using elliptic curve cryptography
CN105491030A (en) * 2015-11-27 2016-04-13 韦昱灵 Website user password encryption and verification method
CN107948155A (en) * 2017-11-24 2018-04-20 重庆金融资产交易所有限责任公司 Cryptographic check method, apparatus, computer equipment and computer-readable recording medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100166174A1 (en) * 2008-12-29 2010-07-01 Lahouari Ghouti Hash functions using elliptic curve cryptography
CN105491030A (en) * 2015-11-27 2016-04-13 韦昱灵 Website user password encryption and verification method
CN107948155A (en) * 2017-11-24 2018-04-20 重庆金融资产交易所有限责任公司 Cryptographic check method, apparatus, computer equipment and computer-readable recording medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
MISS MANORAMA CHAUHAN: "An implemented of hybrid cryptography using elliptic curve cryptosystem (ECC) and MD5" *
郑晓松: "MD5加密算法的改进及应用" *
陈虹: "基于椭圆曲线的改进RC4算法" *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019535A (en) * 2020-08-26 2020-12-01 北京信安世纪科技股份有限公司 Password authentication method
CN112019535B (en) * 2020-08-26 2023-03-07 北京信安世纪科技股份有限公司 Password authentication method

Also Published As

Publication number Publication date
CN110943837B (en) 2023-06-06

Similar Documents

Publication Publication Date Title
US10951392B2 (en) Fast format-preserving encryption for variable length data
EP3563512B1 (en) Equivocation augmentation dynamic secrecy system
Mathur et al. AES based text encryption using 12 rounds with dynamic key selection
US8189775B2 (en) Method of performing cipher block chaining using elliptic polynomial cryptography
US20060265595A1 (en) Cascading key encryption
CN104270247B (en) Suitable for the efficient general Hash functions authentication method of quantum cryptography system
CN113711564A (en) Computer-implemented method and system for encrypting data
Asif et al. A novel image encryption technique based on Mobius transformation
Walia et al. Implementation of new modified MD5-512 bit algorithm for cryptography
Rani et al. Technical Review on Symmetric and Asymmetric Cryptography Algorithms.
Bhavani et al. Modified AES using dynamic S-box and DNA cryptography
CN110943837B (en) User password encryption method based on improved MD5 encryption algorithm
CN116094716A (en) Text encryption and decryption method, system and equipment based on elliptic curve cryptography
Antonio et al. A modified generation of S-box for advanced encryption standards
Abad et al. Enhanced key generation algorithm of hashing message authentication code
US6044488A (en) Process for generating a check word for a bit sequence for verifying the integrity and authenticity of the bit sequence
Libed et al. Enhancing MD5 Collision Susceptibility
Haryono Comparison encryption of how to work caesar cipher, hill cipher, blowfish and twofish
CN114039720B (en) Unconditional security authentication encryption method based on LFSR hash
CN114124354B (en) Deterministic authentication encryption and decryption device and method
MANAA et al. A PROACTIVE DATA SECURITY SCHEME OF FILES USING MINHASH TECHNIQUE
Uddin et al. Development of An Effective Cryptographic Algorithm Using Random Matrix Shared Key
Asif et al. Research Article A Novel Image Encryption Technique Based on Mobius Transformation
Rajeshwaran et al. Secured Cryptosystem for Key Exchange
CN115996113A (en) White-box SM4 cryptographic algorithm construction method and device supporting lookup table tamper resistance

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant