With the "original information" and its corresponding "md5 signature string", we can do basic verification: if the md5 signature string we compute ourselves is consistent with the one we received, we can be sure that the information we received has not been changed.
P.S.: Because the word "signature" will refer to something else in subsequent articles, we rename the "md5 signature string" to the "md5 fingerprint string" to keep the two apart. The meaning is the same: the evidence and characteristics of A can be represented by a signature or a fingerprint. From here on, we call this characteristic value the md5 fingerprint string.
But there is an easy-to-find loophole: what if the "original information" and the "md5 fingerprint string" are modified at the same time? The original information is replaced by false information, and the md5 fingerprint string is replaced by the md5 fingerprint generated from the false information. In that case the original verification process still passes, and it is impossible to detect that the information has been modified or replaced.
To solve this problem, authentication and encryption are combined in industrial practice. In addition to simple combinations, some basic tricks are used.
For example, because the md5 algorithm is public, anyone can generate the md5 fingerprint string of any information, and so can forge the original information together with a matching fingerprint. So, can you make it impossible or difficult to forge the md5 fingerprint string of this information?
One trick is: instead of providing the md5 fingerprint string of the original information alone, provide the md5 fingerprint string of "original information + key":
The key is a random string such as "2d2316235b41924ac7b4194661d2984", and the "sender" and the "receiver" each keep a copy of it.
At this point, our verification process becomes:
The sender packages the "original information" and the "key" together to generate an md5 fingerprint string, then sends the original information and the md5 fingerprint string.
After receiving the message, the receiver packages the "received message" and the "key" together to generate an md5 string, and then compares it with the received md5 string to see if they are consistent.
In this case, even if the original information and the md5 string are modified at the same time, it is almost impossible for the forger to provide an md5 string of "original information + key", because he does not know what key string is added to the original information, and he cannot work backwards from the fingerprint to infer the key. The md5 algorithm ensures this "almost impossible" situation.
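The loophole and the keyed verification process described above, as a runnable Python sketch (an added example, not code from the original article). The function names and the sample messages are constructed for illustration; `hmac_tag` uses HMAC-SHA256, the standardized keyed-hash construction, which is swapped in for comparison and is not the article's method.

```python
import hashlib
import hmac

# Shared random key from the article; sender and receiver each hold a copy.
KEY = b"2d2316235b41924ac7b4194661d2984"


def fingerprint(message: bytes, key: bytes = b"") -> str:
    """md5 fingerprint of "original information + key" (empty key = plain md5)."""
    return hashlib.md5(message + key).hexdigest()


def send(message: bytes, key: bytes = b"") -> tuple:
    """Sender: transmit the message together with its fingerprint."""
    return message, fingerprint(message, key)


def verify(message: bytes, received_fp: str, key: bytes = b"") -> bool:
    """Receiver: recompute the fingerprint and compare in constant time."""
    return hmac.compare_digest(fingerprint(message, key), received_fp)


def replace_in_transit(fake: bytes) -> tuple:
    """The loophole: message and fingerprint are replaced together. Without
    the key, only the public, unkeyed md5 of the false message is available."""
    return fake, fingerprint(fake)


def hmac_tag(message: bytes, key: bytes) -> str:
    """HMAC-SHA256 (RFC 2104), the standard way to mix a key into a hash."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def demo() -> dict:
    genuine = b"transfer 100 to account 1234"  # constructed sample message
    fake = b"transfer 900 to account 9999"     # constructed replacement
    _, keyed_fp = send(genuine, KEY)
    fake_msg, fake_fp = replace_in_transit(fake)
    return {
        "plain_md5_accepts_replacement": verify(fake_msg, fake_fp),
        "keyed_md5_accepts_genuine": verify(genuine, keyed_fp, KEY),
        "keyed_md5_accepts_replacement": verify(fake_msg, fake_fp, KEY),
        "hmac_accepts_replacement":
            hmac.compare_digest(hmac_tag(fake_msg, KEY), fake_fp),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Only the first check returns True for the replaced message: the unkeyed scheme accepts it, while both keyed schemes reject it.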
Another way to protect the "original information" and the "md5 fingerprint string" is to encrypt the md5 fingerprint string directly. This method does not conflict with the trick above. In fact, you can combine it with that trick to construct a safer scheme. But to make things easier to understand, let's put the trick aside for the time being and consider just three things: the original information, the md5 fingerprint string and md5 string encryption.