Understanding MD5 and RSA Encryption in Automation

In interface automation, we often encounter interfaces that require the password to be encrypted. Sometimes we ask developers to handle this, but test engineers can also solve it themselves. Below, I will introduce the encryption methods and how they are applied in requests.
Characteristics and Processing of MD5 Encryption
Symmetric encryption algorithms: the same key is used for both encryption and decryption (single-key encryption). Examples: DES, AES.
Asymmetric encryption algorithms: different keys are used for encryption and decryption (public key, private key), giving high security. Example: RSA.
Hash algorithms: MD5, SHA256.
MD5 is a one-way hash: it can turn plaintext into ciphertext (a digest), but it cannot decrypt the ciphertext back into the original plaintext.
After encrypting the password, the ciphertext is stored in the database. To verify if the entered password is correct, simply encrypt the input password using the same MD5 method and check if the two encrypted results are the same.
How to Prevent Cracking
Since MD5 cannot be decrypted, how can it be cracked?
In fact, MD5 has an obvious drawback: the ciphertext generated from the same plaintext is always the same. For example, encrypting 123456 yields:
e10adc3949ba59abbe56e057f20f883e
Thus, we only need to run the encryption once to know which original text a given ciphertext corresponds to.
1. MD5 + Fixed Salt Value
The principle is to concatenate a string (the salt) to the original plaintext before encryption. As long as this string is not leaked, the ciphertext is secure. Using MD5 with a fixed salt value follows the same principle as multiple encryptions. If the fixed salt value is leaked, the scheme has been cracked.
2. MD5 + Random Salt Value
If each user's password is encrypted with a different salt value, hackers cannot crack all passwords at once. To crack each user's password, they must brute-force the encryption with that user's salt value until the password is found, greatly increasing the time required for cracking.
Thus, even if a user’s salt value is leaked, it will not affect other users. Even if all users’ salt values are leaked, hackers will still need a very long time to crack them all.
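The three approaches above side by side, as an added example that is not part of the original article. The function names and the fixed salt string are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

FIXED_SALT = "site-wide-salt"  # constructed value, stands in for the fixed salt


def md5_hex(text: str) -> str:
    """MD5 digest of a string, as 32 hex characters."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def hash_plain(password: str) -> str:
    # Same plaintext always gives the same digest, so one lookup table fits all.
    return md5_hex(password)


def hash_fixed_salt(password: str) -> str:
    # One salt for everyone: users with equal passwords still share a digest.
    return md5_hex(password + FIXED_SALT)


def register(password: str) -> dict:
    # Random per-user salt, stored next to the digest in the user record.
    salt = os.urandom(16).hex()
    return {"salt": salt, "digest": md5_hex(password + salt)}


def verify(record: dict, attempt: str) -> bool:
    # Re-hash the attempt with the stored salt and compare in constant time.
    candidate = md5_hex(attempt + record["salt"])
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    alice, bob = register("123456"), register("123456")
    print("plain:      ", hash_plain("123456"))
    print("fixed salt: ", hash_fixed_salt("123456"))
    print("alice:      ", alice)
    print("bob:        ", bob)
    print("same digest?", alice["digest"] == bob["digest"])
    print("login ok?   ", verify(alice, "123456"), verify(alice, "654321"))
```

The store-salt-then-verify flow stays the same if MD5 is swapped for a deliberately slow function such as `hashlib.pbkdf2_hmac`, which raises the cost of every brute-force guess.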
RSA Data Encryption and Signature Verification Process
1. Introduction to RSA
RSA is an asymmetric encryption algorithm that allows decryption without the key ever being transmitted directly, ensuring the security of information and avoiding the risk of cracking that may arise from directly transmitting keys.
RSA encryption uses a pair of keys for encryption and decryption, referred to as the public key and private key, which are mathematically related. The security of this encryption algorithm is based on the difficulty of factoring large integers. Typically, individuals keep their private keys, while the public key is public and can be held by multiple people.
2. The Difference Between RSA Encryption and Signing
Both encryption and signing aim to ensure security, but there are slight differences. People often confuse whether to use the private key or the public key for encryption and signing, which indicates a misunderstanding of their purposes. In simple terms, encryption is to prevent information from being leaked, while signing is to prevent information from being tampered with.
3. The RSA Encryption Process is as Follows:

A generates a pair of keys (public key and private key), with the private key kept secret by A. The public key is public and can be accessed by anyone.

A uses their private key to sign the message, generating a signature, and sends the signed message along with the original message to B.

B receives the message and uses A’s public key to verify the signature. If the verification result matches the original message, it proves that the message was sent by A.

In this process, there are only two transmission processes. The first is when A sends the signed message and the original message to B, and the second is when B obtains A’s public key.
Even if both transmissions are intercepted by an adversary, there is no danger, because only A’s private key can sign the message. Even if the content of the message is known, it is impossible to forge a signed response to B, thus preventing tampering with the message content.
In practical applications, encryption and signing are usually used together. For example, both A and B have their own sets of public and private keys. When A wants to send a message to B, they first encrypt the message using B’s public key, and then sign the encrypted message using A’s private key, thereby preventing both the leakage of the message content and the tampering of the message content, further ensuring the security of the information.
Conclusion: A and B each possess a set of public and private keys, with the public key used for encryption and the private key used for decryption, while the private key is used for signing and the public key for verification.
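An added example, not from the original article: the combined flow described above (encrypt with B's public key, then sign with A's private key), written as textbook RSA using only the Python standard library. The key pairs are constructed from well-known Mersenne primes and no padding is applied, so it shows which key does what and is not a secure implementation; all function names are assumptions.

```python
import hashlib

E = 65537  # common public exponent


def make_keypair(p: int, q: int):
    """Return ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# Constructed demo keys from public Mersenne primes: insecure, illustration only.
A_PUB, A_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
B_PUB, B_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def encrypt(message: bytes, pub) -> bytes:
    n, e = pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n).to_bytes((n.bit_length() + 7) // 8, "big")


def decrypt(ciphertext: bytes, priv) -> bytes:
    n, d = priv
    m = pow(int.from_bytes(ciphertext, "big"), d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(data: bytes, priv) -> int:
    n, d = priv  # private key signs the SHA-256 digest of the data
    return pow(_digest_int(data), d, n)


def verify(data: bytes, signature: int, pub) -> bool:
    n, e = pub  # public key recovers the digest and compares
    return pow(signature, e, n) == _digest_int(data)


def send_from_a_to_b(message: bytes):
    ciphertext = encrypt(message, B_PUB)         # only B can decrypt
    return ciphertext, sign(ciphertext, A_PRIV)  # only A can produce this


def receive_at_b(ciphertext: bytes, signature: int) -> bytes:
    if not verify(ciphertext, signature, A_PUB):
        raise ValueError("signature check failed: tampered or not from A")
    return decrypt(ciphertext, B_PRIV)
```

Production code would use a vetted library with OAEP padding for encryption and PSS for signatures rather than raw modular exponentiation.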
After reading this article, do you now have a deeper understanding of “MD5 and RSA Encryption in Automation”? If you have any questions, feel free to raise them in the comments!