在C#中加密 [英] Encrypt in C#
问题描述
你好,
我有一个TCP / IP客户端服务器应用程序。
客户端在开始从服务器获取数据之前它发送密码和用户名然后是服务器如果与服务器数据库匹配,则用用户名检查密码,服务器开始发送数据,否则服务器拒绝连接。
问题是我需要一种方法来加密包含发送到服务器的密码的消息。
达到这个目标的最佳方法是什么。
i通过互联网搜索(私钥加密,公钥加密)..但我有一些要点:
1.私钥中客户端将保存私钥的问题?如果我想更改私钥怎么办??
2.如果有人对数据进行嗅探并获取加密邮件的一部分包含加密密码并将其再次发送给服务器,该怎么办? program?
Hello,
I have a TCP/IP client server application .
the client before start getting data from the server it send its password and user name then the server check the password with user name if it matchecd with the server database the server start sending data else the server refuse the connection.
the problem is i need a way to encrypt the message contain the password sent to the server .
what is the best way to achive this goal.
i searched over the internet (private key encryption ,public key encryption).. but i have some points:
1. in private key the problem where the client will save the private key? and what if i want to change the private key.?
2. what if some one snif on the data and get the part of the encrypted message contained the encrypted password and send it again to server from its program?
推荐答案
1。在私钥中客户端将保存私钥的问题?如果我想更改私钥怎么办??
1. in private key the problem where the client will save the private key? and what if i want to change the private key.?
你不能把它嵌入到可执行文件中吗?是否有令人信服的理由改变它?
Cannot you embed it into the executable? Is there a compelling reason to change it?
2。如果有人对数据进行嗅探并获取加密消息的一部分包含加密密码并将其从程序中再次发送到服务器怎么办?
2. what if some one snif on the data and get the part of the encrypted message contained the encrypted password and send it again to server from its program?
您可以加密一些时间戳(或计数器) )info和密码。
:)
You may encrypt some timestamp (or counter) info together with the password.
:)
1。在私钥中客户端将保存私钥的问题?如果我想更改私钥怎么办?无法将其嵌入可执行文件中?是否有令人信服的理由改变它?
1. in private key the problem where the client will save the private key? and what if i want to change the private key.?Cannot you embed it into the executable? Is there a compelling reason to change it?
最终需要将钥匙嵌入某处,如果你在外面存放它对程序(例如XML)你打开滥用的密钥。不要将属性命名为Key或可识别的名称,并且一些声明密钥的方法比其他方法更好。你需要对此进行一些研究。
Ultimately need to embed the key somewhere, if you store it externally to the program (e.g. in XML) you open up the key for abuse. Don't name the property Key or a recogisable name, and some methods for declaring the key are better than others. You'll need to do some research on this.
2。如果有人对数据进行嗅探并获取加密消息的一部分包含加密密码并将其从程序中再次发送到服务器怎么办?
2. what if some one snif on the data and get the part of the encrypted message contained the encrypted password and send it again to server from its program?
这是一个问题。可以重新发送嗅探消息,但OP中的方法将阻止重用密码。您只能接受小于 n 秒的消息,这会提供一些保护,但依赖于服务器和客户端时钟相对同步。
您可以考虑在邮件中添加签名(以确保它没有更改)以及加密。
This is a problem. The sniffed message can be resent, but the method in the OP will prevent the password from being re-used. You could only accept messages the a less than n seconds old, which would give some protection, but relies on the server and client clocks being relatively in sync.
You could look at adding a signature to your message (to ensure it hasn't been changed) as well as encryption.
hazem12 wrote:
1. in private key the problem where the client will save the private key? and what if i want to change the private key.?
Cannot you embed it into the executable? Is there a compelling reason to change it?
hazem12 wrote:
2. what if some one snif on the data and get the part of the encrypted message contained the encrypted password and send it again to server from its program?
You may encrypt some timestamp (or counter) info together with the password.
可以说我可以将它嵌入可执行文件但是如果我解决了第二个问题,那就是加密密码不一样每次这样我怎么能使用一些时间戳或计数器?服务器和客户端如何知道计数器的值或时间的值?
lets say that i can embded it in the executable but if i solve the second issue which is the encryption of the password not be the same each time so how can i use some timestamp or counter? how can both server and client know the value of the counter or the value of the time?
这篇关于在C#中加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
