
Encryption Algorithms and Their Application in User Management Modules

This article introduces common encryption algorithms—symmetric, asymmetric, and hash—explains where encryption is needed in a user management module, and details implementation steps using RSA and AES128, while also warning about man‑in‑the‑middle attacks and recommending best practices.

Architecture Digest

This article first outlines the three major categories of encryption algorithms: symmetric encryption, asymmetric encryption, and hash algorithms.

Symmetric Encryption

Symmetric encryption uses the same key for encryption and decryption, offering fast performance but relatively weaker security. Common symmetric algorithms include DES, 3DES, DESX, Blowfish, IDEA, RC4, RC5, RC6, and AES.

Asymmetric Encryption

Asymmetric encryption uses a public‑private key pair, providing stronger security at the cost of slower performance. Typical algorithms are RSA, ECC (for mobile devices), Diffie‑Hellman, El Gamal, and DSA for digital signatures.

Hash Algorithms

Hash algorithms are one‑way functions that generate a fixed‑length digest from input data, useful for password storage and integrity checks. Common hashes include MD2, MD4, MD5, HAVAL, SHA, SHA‑1, HMAC, HMAC‑MD5, and HMAC‑SHA1.

User Management Module Encryption Points

Admin account activation – password must be encrypted before sending to the backend.

User login – password must be encrypted to prevent plaintext transmission.

User creation – initial passwords for new users must be encrypted.

User information modification – password changes require encryption.

Data storage – passwords stored in the database must be encrypted.

Choosing Encryption Algorithms for Implementation

For admin account activation, both RSA (asymmetric) and AES‑128 (symmetric) are used. The process includes:

Web client receives a Base64‑encoded RSA public key.

Server decodes the public key.

Server generates a 16‑character random string.

Server encrypts the random string with the RSA public key.

Server Base64‑encodes the encrypted string and sends it to the web client.

Web client decodes the Base64 string and decrypts it with the RSA private key.

Web client concatenates the random string with the password.

Web client encrypts the concatenated string using AES‑128 with the random string as the key and sends it to the server.

Server decrypts the AES ciphertext, verifies the random string, and stores the password securely.

Note: The key used for database storage differs from the key used to encrypt the random string.

Man‑in‑the‑Middle (MITM) Attack Warning

A MITM attack intercepts communication between client and server, potentially substituting a forged public key and capturing encrypted data. Proper authentication mechanisms, such as SSL/TLS certificates, are essential to prevent this threat.

User Login Encryption

Login password verification can be performed without decryption by using the MD5 hash algorithm. The steps are:

Front‑end hashes the password with MD5.

Server retrieves the stored password hash.

Server decrypts the stored password if it is held in encrypted form, and compares the two MD5 hashes.

User Creation & Modification Encryption

Both user creation and information modification employ AES‑128 encryption with the same public key used for activation.

Data Storage Encryption

Database storage of passwords also uses AES‑128, but with a different public key than the one used for activation.

Conclusion

While HTTPS can address many encryption concerns, implementing custom encryption mechanisms—using RSA, AES‑128, and MD5 as described—allows fine‑grained control over user data security within the application.

Written by Architecture Digest

Focusing on Java backend development, covering application architecture from top-tier internet companies (high availability, high performance, high stability), big data, machine learning, Java architecture, and other popular fields.
