防止 MD5 反查:加盐并加入固定的“复杂度”字符串。做法是在数据库中保存每个用户的盐值,以及把盐值、复杂度字符串和密码按固定方式拼接后计算出的 MD5 值。用户请求登录时,服务器根据用户名查到对应的用户记录,取出该用户的盐值,与收到的密码按同样的固定方式拼接并计算 MD5,再与数据库中保存的 MD5 值比较。注意:MD5 是哈希而不是加密,而且计算速度很快,即使加盐也容易被离线暴力破解;实际项目中存储口令应使用 bcrypt、scrypt 或 Argon2 这类慢哈希。
// /app/password.js
const crypto = require('crypto')
/**
 * Hex digest of `str` under the named hash algorithm.
 * @param {string} type - algorithm name handed to crypto.createHash, e.g. 'md5'
 * @param {string} str - data to hash
 * @returns {string} hex-encoded digest
 */
function hash(type, str) {
  const hasher = crypto.createHash(type)
  hasher.update(str)
  return hasher.digest('hex')
}

/** MD5 hex digest of `str`. */
function md5(str) {
  return hash('md5', str)
}

/** SHA-1 hex digest of `str`. */
function sha1(str) {
  return hash('sha1', str)
}

/**
 * Salted password digest: md5(salt + '复杂度' + password).
 *
 * NOTE(review): MD5 is fast to compute, so even with a per-user salt a leaked
 * table can be brute-forced cheaply; a slow KDF (scrypt, bcrypt, Argon2) is the
 * usual choice for password storage. Stored values depend on this exact
 * construction, so changing it needs a migration rather than an in-place edit.
 *
 * @param {string|number} salt - per-user salt, concatenated as-is
 * @param {string} password - submitted password
 * @returns {string} hex-encoded MD5 digest
 */
function encryptPassword(salt, password) {
  const material = salt + '复杂度' + password
  return md5(material)
}
// Demo output: prints the unsalted MD5 and SHA-1 hex digests of a sample
// password. These statements sit at module top level, so they run whenever
// this file is loaded, including through require('./password').
const samplePassword = '123432'
for (const [label, digestOf] of [['md5', md5], ['sha1', sha1]]) {
  console.log(label, digestOf(samplePassword))
}
// The salted-password helper is the module's only export.
module.exports = encryptPassword
把旧密码升级为加盐存储的方式(在用户登录时迁移)
// index.js
const crypto = require('crypto')
const encryptPassword = require('./password')
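// Verify the submitted password and, for legacy accounts (salt is NULL),
// upgrade the stored credential to a salted hash on the first successful login.
// NOTE(review): encryptPassword (./password) is salted MD5, which is cheap to
// brute-force offline; moving to a slow KDF such as crypto.scrypt can reuse
// this same upgrade-on-login flow.
// NOTE(review): nothing here handles a failed check; presumably the
// surrounding handler responds after this block. Confirm.
if (res.length !== 0) {
  // With no matching row there is no res[0]; the original fell through to the
  // salted branch in that case and threw a TypeError on res[0].salt.
  const account = res[0]
  if (account.salt === null) {
    // Legacy row: the stored value is compared with the submitted password
    // as-is, so it is not yet a salted hash.
    console.log('no salt ..')
    if (password === account.password) {
      sql = `
update test.user
set salt = ?,
password = ?
where username = ?
`
      // Salt comes from the OS CSPRNG rather than Math.random() plus the
      // clock, both of which are guessable. A 48-bit integer stays an exact JS
      // number, so it should stringify identically when read back from the
      // database and fed to encryptPassword again.
      // NOTE(review): if test.user.salt is a text column, a longer salt such as
      // crypto.randomBytes(16).toString('hex') would be preferable; confirm
      // the schema first.
      const salt = crypto.randomBytes(6).readUIntBE(0, 6)
      res = await query(sql, [salt, encryptPassword(salt, password), username])
      ctx.session.username = ctx.request.body.username
      ctx.redirect('/?from=china')
    }
  } else {
    console.log('has salt')
    // Recompute the digest with the stored salt and compare with the stored one.
    if (encryptPassword(account.salt, password) === account.password) {
      ctx.session.username = ctx.request.body.username
      ctx.redirect('/?from=china')
    }
  }
}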