jCryption + CRAM是SSL的好选择？ [英] jCryption + CRAM are a good alternative to SSL?

问题描述

我想知道 jCryption +挑战响应认证机制是否是SSL的良好替代品。 p>

我知道SSL非常好，但是我正在建立一个所有者不想购买SSL证书的项目，我想找到一个解决方案给予最好的安全方法，可以在不使用SSL的情况下获得。

任何想法？

解决方案

不，不是。

刚刚在我头上，我可以想到很多原因：HTTP头仍然未加密，密钥交换容易受到中间人攻击，您对客户端代码的信任度高。

只需使用来自Startcom的免费SSL证书。

I would like to know if jCryption + Challenge Response Authentication Mechanism are a good alternative to SSL.

I know that SSL is very much better, but I'm making a project where the owner don't want to buy a SSL certificate and, I would like to find a solution to give the best security approach that could be acquired without the use of SSL.

Any ideas?

解决方案

No, it's not.

Just off the top of my head, I can think of many reasons: HTTP headers are still unencrypted, the key exchange is vulnerable to man-in-the-middle attacks, and you're putting a high degree of trust in client-side code.

Just use a free SSL certificate from Startcom.

这篇关于jCryption + CRAM是SSL的好选择？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！