加密和散列之间的区别 [英] Difference between encryption and hashing

问题描述

在我们的项目中，我们有几个地方可以用散列函数去掉。例如，我们在许可证和数据库中的许可对象之间存储加密引用以及未加密的引用。这样做是为了确保用户无法通过数据库进行许可来更改其许可的实体。

我们在任何地方使用加密的主要原因是我们已经拥有不错的加密库和系统密钥。除此之外，开发一个散列图库并不值得。

我们使用加密而不是哈希创建的安全风险？ p>

解决方案

通过将明文与密文一起存储，您将创建一个很好的测试字符库，如果有人想找出你的密钥。因为你显然使用密钥来加密一切，我会说它是一种风险。

记住，关于中央数据库的好东西是有人会得到数据。如果历史是任何教训，至少。

In our project there are several places where we could've gotten away with hashing. For example, we store an encrypted reference between a license and the licensed object in the database along with the unencrypted reference. This is to ensure that the user can't change the entity they have licensed by mucking with the database.

The main reason we use encryption everywhere is that we already had a nice encryption library and a system key. It didn't really seem worth the time to develop a hashing library in addition.

Is there any security risk we're creating by using encryption instead of hashing?

解决方案

By storing the plain text along with the ciphertext you are creating a nice repository of test strings if someone would want to find out your key. Since you apparently use said key for encrypting everything I'd say it is a risk.

Remember, the nice thing about central databases is that some day someone will get the data. If history is any lesson, at least.

这篇关于加密和散列之间的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！