
I don't understand encryption very well at all; in the past I've just trusted it, but if I'm writing a web application that will go online I think I should try to understand it better.

Here's my question:

Suppose I'm asked to type in my password to log in on any website. The password, or some function of it, must then be sent to the server so that the server can compare it to the encrypted password stored there.

Either the password is sent in plain text, in which case (I think) it isn't secure as somebody could intercept and read it (which is a Bad Thing), or it's sent in its encrypted format, in which case somebody could intercept that and, even if they can't read the password, they could then pretend to be you by sending the encrypted string to the site, which wouldn't know any better. Similarly, if the hacker gets a copy of the database, he would just be able to send off the encrypted password and gain privileges. This is also a Bad Thing.


1 Answer


You need to read up on:

  • HTTPS/SSL
  • Password hashing

The problems you mention have already been considered and solved.

"The password is sent in plain text"

It isn't. It is sent over HTTPS, which means it is encrypted.

"Or it's sent in its encrypted format, in which case somebody could intercept that and, even if they can't read the password, they could then pretend to be you by sending the encrypted string to the site."

No, an HTTPS session can't simply be hijacked like that. The two parties negotiate a shared secret key; you can't just intercept and replay it. The server issues a challenge that a man in the middle cannot answer convincingly.

Note that this depends on public key infrastructure, meaning a trusted certificate chain. If someone can forge an SSL certificate (or get you to accept a self-signed certificate), you can't be sure who you are talking to. Then a man in the middle is possible.

"Similarly, if the hacker gets a copy of the database, he would just be able to send off the encrypted password and gain privileges."

Yes, if a hacker gets a copy of the database, that is a problem.

However, sending the encrypted password is of no use. The password check is done by sending the "raw" password (over the encrypted connection), which is then compared with the hash stored in the database.

If a hacker gets the database, what he will do is try to brute-force (guess) the passwords locally, and if he's lucky he can log in as the user. Fortunately, if the password is long and random, and has been properly hashed and salted, this process still takes a very long time. No longer so long that it can never be cracked, but still long enough for you to change your password.

answered 2013-09-05T23:16:57.860
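As an added example (not code from the question or the answer above), here is the server-side half of the scheme the answer describes, written with only Python's standard library: the database holds a salted, deliberately slow hash; the login handler receives the raw password (over TLS, which this code does not model) and recomputes the hash for comparison. Assumptions: PBKDF2-HMAC-SHA256 is used only because it ships with Python (bcrypt, scrypt or Argon2 would fill the same role), and the sample password and user record are constructed here.

```python
import base64
import hashlib
import hmac
import os

# Added example, not code from the original post. The iteration count is what makes
# offline guessing against a stolen database slow; 600,000 is the current OWASP
# figure for PBKDF2-HMAC-SHA256 (assumption: any modern password KDF is acceptable).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$<iterations>$<salt>$<hash>'.

    A fresh random salt per user means two users with the same password get
    different records, and a precomputed table of hashes is useless.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash of the submitted password with the stored salt and
    iteration count and compare it in constant time. Malformed records fail closed."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, TypeError):
        return False
    # compare_digest does not leak where the first differing byte is.
    return hmac.compare_digest(candidate, expected)


def demo() -> dict:
    """Walk through the points made in the answer with a constructed user record."""
    password = "correct horse battery staple"   # constructed sample password
    stored = hash_password(password)           # what the database row holds

    # A record whose iteration count has been corrupted (constructed tamper case).
    parts = stored.split("$")
    parts[1] = "abc"
    tampered = "$".join(parts)

    return {
        # The raw password (sent over TLS) verifies against the stored hash.
        "correct_password_verifies": verify_password(password, stored),
        # A wrong guess does not.
        "wrong_password_rejected": not verify_password("hunter2", stored),
        # Someone who copied the database and "sends off" the stored hash as if it
        # were the password is rejected: the server hashes whatever it receives.
        "replayed_hash_rejected": not verify_password(stored, stored),
        # Salting: hashing the same password again yields a different record.
        "salt_makes_records_unique": hash_password(password) != stored,
        # A corrupted record is rejected instead of raising inside the login handler.
        "tampered_record_rejected": not verify_password(password, tampered),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

The record format carries its own algorithm name, iteration count and salt, so the iteration count can be raised later and old rows re-hashed on the user's next successful login without a schema change. Transport confidentiality is TLS's job; what this code protects is the copy of the database the answer warns about.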