安全登录:PHP 和 Javascript 中的公钥加密
我正在尝试使普通"用户名/密码登录表单安全,而不需要 HTTPS.我的想法是这样的:
I'm trying to make a "normal" username/password login form secure, without needing HTTPS. My idea is this:
- 服务器为某种非对称加密算法生成一个密钥对.它将这个密钥对存储在一个临时表中(或者可能是本地会话数据).
- 服务器将表单发送给客户端并包含公钥.
- 用户填写表格.
- 在将密码发送到服务器之前,Javascript 会使用给定的公钥对密码进行加密.
- 表格已发送.
- 服务器使用它的私钥解密密码(它从临时表中获取,使用公钥找到它).
我需要知道的是:
- 哪种加密方法最好用?RSA?
- 如何在 PHP 中解密密码?
- 可能是最困难的一个,我怎样才能让 Javascript 加密密码?
推荐答案
提前:我很抱歉我是消极的;
In advance: I'm sorry for being negative, however;
实施您自己的安全协议绝不是一个好主意,除非您是训练有素的安全专家,或者您实际上并不真正关心安全性,只想给人一种印象安全(营销)并阻止脚本小子.
Implementing your own security protocol is never a good idea, unless you're a highly trained security expert, or you actually don't really care about the security and only want to create an impression of security (marketing) and stop the script kiddies.
SSL 绝对不是指纹锁,正如您在评论中所说,JCryption 和您的建议等于有一扇门,您可以在其中输入一个两位数的密码来打开门,并且您可以无限次重试.如果你不是真的感兴趣,只是路过,很难打破,但如果你想进入那所房子(你可能会这样做,否则不需要安全措施),你就会进去.
SSL is definitely not a fingerprint lock, as so say in your comments, JCryption and your proposal are equal to having a door where you can enter a two-digit code to open the door and you have infinite many retries. It's hard to break if you're not really interested and just passing by, but if you want to get in that house (and you probably do, else security wouldn't be needed), you will get in.
另一点是人们经常忘记提及他们想要实现的目标.安全性具有著名的三个组件,称为 CIA,即机密性、完整性和可用性.对您而言,您传输的数据是机密的重要还是完整性重要(即您确定发送的数据来自您期望的数据,而不是中间人)?
Another point is that people often forget to mention what they want to achieve. Security has the famous three components called CIA, namely confidentiality, integrity and availability. Is it for you important that the data you transport is confidential, or is integrity important (i.e. you're sure that the sent data comes from the one you expect and not the man in the middle)?
为了在这种情况下具体化,您在这里实现的唯一一件事是被动攻击者无法看到在线上经过的内容.一旦您的攻击者变得活跃并更改其路由上的消息,您的整个安全性就会崩溃.所以我的建议是坚持使用专家提出的解决方案(在这种情况下是 TLS,而不是 ssl,因为那是它的旧版本),并确保你的服务器支持它.
To make it concrete in this case, the only thing that you achieve here is that a passive attacker cannot see whats passing by on the line. As soon as your attacker gets active and changes the messages on their route, your whole security falls apart. So my advice would be to just stick with the solution the experts have come up with (TLS in this case, not ssl since that is the old version of it) and just make sure your server supports it.
顺便说一句,如果没有证书,SSL/TLS 将无法工作.公钥加密的重点是至少应该有某个可信方.
Btw, SSL/TLS cannot work without certificates. The whole point in public key crypto is that there should be at least somewhere some trusted party.
另一方面,如果您不关心您的用户会收到无效证书"消息,您可以创建自己的证书,这非常简单.在这种情况下,浏览器不信任您的证书,但是,您可以确保至少您的通信是安全的(好吧,在这种情况下也有例外,但仍然......)
On the other hand, if you don't care that your users will get an "invalid certificate" message, you can just create your own certificate which is really easy. In that case your certificate isn't trusted by the browsers, however, you can be sure that at least your communication is safe (okay, there are exceptions in this case, but still ...)
证书应该免费的论点实际上是从一个角度来看的.我认为声称它是虚假/愚蠢的人不知道成为认证机构需要什么.这些公司投资数百万以保证通信安全,并确保他们通过销售证书赚取可观的收入,但嘿,这是他们的工作,他们也应该像其他任何人一样赚钱.
The argument that certificates should be for free is really from a perspective point of view. I think people who claim it is bogus/idiotic don't know what it takes to be a certification authority. These companies invest millions in order to keep the communication secure, and sure they make nice money out of selling certificates, but hey its their job and they also deserve to make money, just like any others.
edit2:评论后
我确实说你有一个安全的通信.但是,您错过了使用自签名证书您不知道与谁安全交谈的要点.想象一个黑暗的房间,它与窃听谈话完全隔绝.现在想象一下这样一个有灯和没有灯的房间之间的区别.如果房间里有灯光,您实际上可以安全地看到您正在与谁交谈,并且只能选择与您喜欢信任的人交谈.现在想象在一个完全黑暗的房间里做同样的事情.你只能希望在这个黑暗的房间里与你交谈的那个人只是一个盟友,而不是你的对手.然而,你不能知道,只是希望没关系.尽管您的对话本身是安全的,但没有人可以窃听,您仍然没有完全"的安全性.
I indeed say that you have a secure communication. However, you miss the point that with self signed certificates you dont know to whom you talk securely. Imagine a dark room which is completely isolated from eavesdropping a conversation. Now imagine the difference between such a room with and without light. If the room has light, you can actually see to whom you're talking securely and only choose to talk to people you like to trust. Now imagine doing the same in a completely dark room. You can only hope that the guy you talk to inside this dark room is just an ally and not your adversary. However, you cannot know that, just hope that it's ok. And although your conversation itself is secure, nobody can listen in, you still dont have "full" security.
如果我作为一个骗子进行中间人攻击,我可以在用户不注意的情况下创建自签名证书.因此,将 TLS 与自签名证书一起使用的优势在于,您至少拥有协议 corrent 的实现(甚至实现这一点也远非易事).此外,您可以通过建议您的用户手动信任证书一次来避免丑陋的警告.但是,这只有在您的回访者群体相对较少时才有可能,对于公共网站来说,这并不是真正的解决方案.
If I, being a crook, do a man-in-the-middle attack, I can create a self signed certificate without the user noticing. So the advantage of using TLS with self signed certificates is that you have at least the implementation of the protocol corrent (and even implementing this is far from easy). Moreover you can avoid the ugly warnings by advising your users to manually trust the certificate once. However, this is only possible if you have a relatively small group of returning visitors, for a public website this is not really a solution.
相关文章