Android 中的 MD5 哈希
我有一个简单的 Android 客户端,需要与一个简单的 C# HTTP 侦听器“对话”。我想通过在 POST 请求中传递用户名/密码来提供基本级别的身份验证。
MD5 哈希在 C# 中是微不足道的,并且为我的需求提供了足够的安全性,但我似乎无法找到如何在 android 端执行此操作。
编辑:只是为了解决有关 MD5 弱点的担忧 - C# 服务器在我的 Android 客户端用户的 PC 上运行。在许多情况下,他们将在自己的 LAN 上使用 wi-fi 访问服务器,但他们可能会选择从互联网访问服务器,风险自负。此外,服务器上的服务需要使用 MD5 传递给我无法控制的第三方应用程序。
I have a simple android client which needs to 'talk' to a simple C# HTTP listener. I want to provide a basic level of authentication by passing username/password in POST requests.
MD5 hashing is trivial in C# and provides enough security for my needs but I can't seem to find how to do this at the android end.
EDIT: Just to address the concerns raised about MD5 weakness - the C# server runs on the PCs of the users of my android client. In many cases, they'll be accessing the server using wi-fi on their own LANs but, at their own risk, they may choose to access it from the internet. Also the service on the server needs to use pass-through for the MD5 to a 3rd party application I have no control over.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(16)
这里是一个您可以使用的实现(更新为使用更多最新的 Java 约定 -
for:each
循环,StringBuilder
而不是StringBuffer
):尽管不推荐用于甚至涉及基本的系统安全级别(MD5 被认为已损坏并且很容易被利用),它是有时足以完成基本任务。
Here is an implementation you can use (updated to use more up to date Java conventions -
for:each
loop,StringBuilder
instead ofStringBuffer
):Although it is not recommended for systems that involve even the basic level of security (MD5 is considered broken and can be easily exploited), it is sometimes enough for basic tasks.
接受的答案在 Android 2.2 中对我不起作用。我不知道为什么,但它“吃掉”了我的一些零 (0) 。
Apache commons 也无法在 Android 2.2 上运行,因为它使用的方法仅从 Android 2.3.x 开始受支持。另外,如果您只想对字符串进行 MD5,Apache commons 就太复杂了。为什么一个人应该保留整个库来仅使用其中的一个小函数...
最后我找到了以下代码片段 这里 这对我来说非常有用。我希望它对某人有用......
The accepted answer didn't work for me in Android 2.2. I don't know why, but it was "eating" some of my zeros (0) .
Apache commons also didn't work on Android 2.2, because it uses methods that are supported only starting from Android 2.3.x. Also, if you want to just MD5 a string, Apache commons is too complex for that. Why one should keep a whole library to use just a small function from it...
Finally I found the following code snippet here which worked perfectly for me. I hope it will be useful for someone...
androidsnippets.com 代码无法可靠地工作,因为 0 似乎被从生成的哈希值中删除了。
此处有更好的实现。
The androidsnippets.com code does not work reliably because 0's seem to be cut out of the resulting hash.
A better implementation is here.
如果可以选择使用 Apache Commons Codec,那么这将是一个较短的实现:
或 SHA:
上述的源。
请点击链接并为他的解决方案投票以奖励正确的人。
Maven 存储库链接: https://mvnrepository.com/artifact/commons-codec/commons-codec
当前 Maven 依赖项(截至 2016 年 7 月 6 日):
If using Apache Commons Codec is an option, then this would be a shorter implementation:
Or SHA:
Source for above.
Please follow the link and upvote his solution to award the correct person.
Maven repo link: https://mvnrepository.com/artifact/commons-codec/commons-codec
Current Maven dependency (as of 6 July 2016):
上面使用 DigestUtils 的解决方案对我来说不起作用。在我的 Apache commons 版本(2013 年最新版本)中没有这样的类。
我在这里的一个博客中找到了另一种解决方案。它运行完美并且不需要 Apache commons。它看起来比上面接受的答案中的代码短一些。
您将需要这些导入:
A solution above using DigestUtils didn't work for me. In my version of Apache commons (the latest one for 2013) there is no such class.
I found another solution here in one blog. It works perfect and doesn't need Apache commons. It looks a little shorter than the code in accepted answer above.
You will need these imports:
这是上面 Andranik 和 Den Delimarsky 答案的轻微变化,但它更简洁,并且不需要任何按位逻辑。相反,它使用内置的 String.format 方法将字节转换为两个字符的十六进制字符串(不去除 0)。通常我只会对他们的答案发表评论,但我没有这样做的声誉。
如果您想返回小写字符串,只需将
%02X
更改为%02x
即可。编辑:
像 wzbozon 的答案一样使用 BigInteger ,您可以使答案更加简洁:
This is a slight variation of Andranik and Den Delimarsky answers above, but its a bit more concise and doesn't require any bitwise logic. Instead it uses the built-in
String.format
method to convert the bytes to two character hexadecimal strings (doesn't strip 0's). Normally I would just comment on their answers, but I don't have the reputation to do so.If you'd like to return a lower case string instead, then just change
%02X
to%02x
.Edit:
Using BigInteger like with wzbozon's answer, you can make the answer even more concise:
这是 @Andranik 答案的 Kotlin 版本。
我们需要将
getBytes
更改为toByteArray
(不需要添加字符集UTF-8,因为toByteArray
的默认字符集是UTF-8)并将 array[i] 转换为整数希望有帮助
Here is Kotlin version from @Andranik answer.
We need to change
getBytes
totoByteArray
(don't need to add charset UTF-8 because the default charset oftoByteArray
is UTF-8) and cast array[i] to integerHope it help
我用 Kotlin 做了一个简单的库。
在 Root build.gradle 处添加
App build.gradle
使用
在 Kotlin 中
然后使用 hash() 方法
它将分别返回 MD5 和 SHA-1。
有关该库的更多信息
https://github.com/ihimanshurawat/Hasher
I have made a simple Library in Kotlin.
Add at Root build.gradle
at App build.gradle
Usage
In Kotlin
Then Use hash() method
It will return MD5 and SHA-1 Respectively.
More about the Library
https://github.com/ihimanshurawat/Hasher
有用的 Kotlin 扩展函数示例
Useful Kotlin Extension Function Example
请使用SHA-512,MD5不安全
Please use SHA-512, MD5 is insecure
在我们的 MVC 应用程序中,我们生成长参数
,并在 Android 应用程序中生成相同的参数(然后帮助 Andranik)
In our MVC application we generate for long param
and same in Android application (thenk helps Andranik)
我使用下面的方法通过传递你想要获取 md5 的字符串来给我 md5
i have used below method to give me md5 by passing string for which you want to get md5
MD5有点老了,SHA-1是一个更好的算法,有这里有一个例子。
(正如他们在那篇文章中指出的那样,Java 自行处理此问题,没有 Android 特定代码。)
MD5 is a bit old, SHA-1 is a better algorithm, there is a example here.
(Also as they note in that post, Java handles this on it's own, no Android specific code.)
实际上,其他建议中普遍存在过于浪费的 toHex() 转换。
Far too wasteful toHex() conversion prevails in other suggestions, really.
这对我来说非常有效,我用它来获取 LIST 数组上的 MD5(然后将其转换为 JSON 对象),但如果您只需要将它应用于您的数据。输入格式,将 JsonObject 替换为您的格式。
特别是如果你与 python MD5 实现不匹配,请使用这个!
this is working perfectly for me, I used this to get MD5 on LIST Array(then convert it to JSON object), but if you only need to apply it on your data. type format, replace JsonObject with yours.
Especially if you have a mismatch with python MD5 implementation use this!
提供的Scala语言解决方案(稍微短一点):
The provided solutions for the Scala language (a little shorter):