Make small talk about MD5 encryption. Most websites do not store plain-text passwords when recording user passwords. Instead, they use MD5,SHA1 and other irreversible algorithms to encrypt the passwords and store them. This way, even if the database is stolen, the password will not be accessed.
Having said that, it is important to note that all irreversible encryption is not intended to prevent brute force on the client side. It’s about preventing hackers from taking the ciphertext and then retweeting it. For example, the hacker has a table (rainbow table) that stores a large number of common passwords and common passwords after MD5
Ciphertext. If the hacker broke through the database, got the ciphertext can be easily compared to the rainbow table, get the plaintext password. So just putting plaintext MD5 is not enough. Generally, the plaintext password is not MD5 directly, but to generate a random string (salt)+ password and MD5 encryption
Finally, ciphertext and salt are stored separately in different tables. This way, even if the hacker has access to the user password table, he can’t push back the plaintext without the salt table. But if they get both tables, they can add the rainbow table password + salt to regenerate the password table, so also
You can deduce the password backwards. Therefore, it is safer to perform MD5 MD5 N times for the ciphertext obtained after MD5 of salt and password to store the ciphertext in the database. Hackers do not know exactly how many times MD5, can not push back plaintext.