2

I've built a CMS system to allow users to create and manage online forms on my client's intranet app.

Of course some of the data handled by the forms may need to be encrypted e.g. if the system is used to build a form that handles salary specifics or whatever. So I'm using the AESManaged class to symmetrically encrypt this sort of data prior to it going into our application db.

All is fine, but now, prior to release, I could do with a steer regarding the shared secret and salt.

My original idea was to make a (dynamic) shared secret by combining the (GUID-based) ID of the Form containing the encrypted field with the (again, GUID-based) id of the Question the field is the answer to: 

FormId:QuestionId

My Salt is currently generated the same way, only with the order of Guids reversed ie. 

QuestionID:FormID.

I'm new to this stuff so not sure if this a sensible strategy or if I should be doing it some other way?

4

1 回答 1

1

盐应该是一个随机生成的值。其目的是使字典/蛮力攻击更难执行。维基百科有一篇关于加密盐的好文章: http ://en.wikipedia.org/wiki/Salt_(cryptography )

对于共享机密,理想情况下,它不会是一个未加密的数据(例如您的 id)存储的值。通常最好的做法是由最终用户或管理员以某种方式选择密钥,以便他们可以定期轮换它,或者如果发生某种安全漏洞。此密码密钥可能由 CMS 的每个用户拥有,也可能由管理员帐户拥有。如果您有非常严格的安全要求,您可以寻求第三方密钥管理服务器。

如果这里的主要目标是更多的混淆,并且 CMS 不会受到某种形式的安全审计,那么按照你最初的想法做一些事情就可以了。它将防止数据的随意访问,但可能不会通过针对需要随机盐、轮换密钥的方式以及系统“所有者”更改密码的方式的正式标准的审计,使得您自己无法访问数据。

于 2011-03-04T12:03:23.417 回答