Microservice Development
Create a microservice project; all of the project's microservices will reside within it. Create joyshop_srv. We don't have a user login/registration service yet, so we'll create another directory, user_srv, under the project directory, with the following layout:
- user_srv/global (global object creation and initialization)
- user_srv/handler (business logic code)
- user_srv/model (user-related models)
- user_srv/proto (user-related models)
- main.go (service startup file)
We use MD5 to hash passwords.
1. MD5 (Message-Digest Algorithm 5)
MD5 is a common hashing algorithm with the following main characteristics:
- Compressibility: Regardless of the data's length, the calculated MD5 value always has a fixed length.
- Easy to Compute: It is very easy to compute the MD5 value from the original data.
- Resistance to Modification: Any modification to the original data, even a single byte, results in a significantly different MD5 value.
- Strong Collision Resistance: It is extremely difficult to find two different pieces of data that produce the same MD5 value.
- Irreversibility: It is irreversible; the original data cannot be restored from the MD5 value.
Salted MD5 Hashing
1. Purpose of Salting
To strengthen MD5 password hashing and prevent rainbow table attacks, a "salt" value is typically added to the original data before it is hashed.
2. Salting Methods
- Combine a randomly generated value with the string that is passed to MD5:
  - Concatenate the randomly generated salt value with the original password before computing the MD5.
  - E.g.: md5(password + salt)
- The database stores both the MD5 value and the salt value:
  - During registration: generate the salt, compute the salted MD5, and store both in the database.
  - During verification: retrieve the salt, recompute the salted MD5, and compare the MD5 values.
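package main

import (
	"crypto/sha512"
	"fmt"
	"strings"

	// Assumption: the password package is go-password-encoder, whose API matches the calls below.
	"github.com/anaskhan96/go-password-encoder"
)

func main() {
	// Set the hashing parameters
	options := &password.Options{
		SaltLen:      16,
		Iterations:   100,
		KeyLen:       32,
		HashFunction: sha512.New,
	}
	// 1. Hash the password
	salt, encodedPwd := password.Encode("your_password", options)
	final := fmt.Sprintf("$pbkdf2-sha512$%s$%s", salt, encodedPwd)
	// 2. Split the stored value (simulates reading it back from the database)
	parts := strings.Split(final, "$")
	saltFromDb := parts[2]
	hashFromDb := parts[3]
	// 3. Verify
	ok := password.Verify("your_password", saltFromDb, hashFromDb, options)
	fmt.Println("验证是否通过:", ok)
}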
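The registration and verification flow described above, as an added example that is not part of the original article: it builds the same `$pbkdf2-sha512$salt$hash` record with only Go's standard library, and goes beyond the original snippet by rejecting malformed records and comparing hashes in constant time. The names `derive`, `Register` and `Verify` and the hex-encoded salt are assumptions of this sketch.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"crypto/subtle"
	"fmt"
	"strings"
)

const saltLen, keyLen, iterations = 16, 32, 100 // same values as the Options above

// derive is PBKDF2-HMAC-SHA512 (RFC 8018); keyLen <= 64, so block 1 is enough.
func derive(pw, salt string) []byte {
	mac := hmac.New(sha512.New, []byte(pw))
	mac.Write([]byte(salt + "\x00\x00\x00\x01")) // salt || INT(1)
	u, t := mac.Sum(nil), mac.Sum(nil)           // U1 and the running XOR
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t[:keyLen]
}

// Register builds the stored value: $pbkdf2-sha512$<salt>$<hash> (salt is hex, an assumption).
func Register(pw string) string {
	raw := make([]byte, saltLen)
	if _, err := rand.Read(raw); err != nil {
		panic(err) // never fall back to a predictable salt
	}
	salt := fmt.Sprintf("%x", raw)
	return fmt.Sprintf("$pbkdf2-sha512$%s$%x", salt, derive(pw, salt))
}

// Verify re-derives the hash from the stored salt and compares in constant time.
func Verify(pw, stored string) bool {
	p := strings.Split(stored, "$")
	if len(p) != 4 || p[0] != "" || p[1] != "pbkdf2-sha512" || p[2] == "" {
		return false // malformed record, unknown scheme or missing salt
	}
	got := fmt.Sprintf("%x", derive(pw, p[2]))
	return subtle.ConstantTimeCompare([]byte(got), []byte(p[3])) == 1
}

func main() { fmt.Println(Verify("your_password", Register("your_password"))) }
```

The iteration count is the work factor: 100 is the article's value and keeps the example fast, while current guidance such as OWASP's figure of 210,000 for PBKDF2-HMAC-SHA512 is far higher.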
Theme test article, for testing purposes only. Published by: Walker. When reposting, please credit the source: https://walker-learn.xyz/archives/6771