在文本框中键入时的密码加密 [英] Password encryption while typing in a textbox

问题描述

嗨..

有没有什么方法可以在文本框中输入值时进行加密？

我需要在客户端进行密码加密，然后必须在数据库中存储不同的加密值以进行安全审核..请帮我解决这个问题..

Hi..
Is there any way where i can do the encryption while input values in a textbox??
I need to do Password encryption in client side and then have to store different encrypted value in the database for secure auditing.. Please help me out with this..

推荐答案

你可以但它没用。

让我们假设你做到了。首先，只有在不再更改字段时才应加密字段的值，大多数算法在您输入时不会容忍此。但是，您可以在发布表单之前使用javascript事件处理程序对值进行加密。

但是你不知道为什么不使用它？因为如果你想在客户端进行加密，你需要在客户端拥有所有逻辑和密钥，你需要向客户端发送（当我们说web时）所有逻辑和密钥。如果在通过http旅行时可以捕获加密文本，那么也可以捕获逻辑和密钥。不过，如果你愿意，只需使用这样的库： https://github.com/travist/jsencrypt [ ^ ]。

所以你最好加密通过使用https进行通信。



另一方面，以加密形式存储密码是一种很好的做法。但不是最好的，你根本不应该存储密码。您应该能够比较密码，但不知道密码本身。怎么做？通过使用良好的哈希算法，以及一些盐。这是一个非常好的描述如何继续： https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet [ ^ ]。这也是一个很好的讲座： http://www.captechconsulting.com/blog / kevin-hazzard / best-practices-managing-customer-passwords [ ^ ]



我希望你的项目能够成功。

You could but it is useless.
Let's assume, you do it. First of all, you should encrypt the value of the filed only when it's not changed anymore, most algorithms won't tolerate this while you type. You could however encrypt the value using a javascript event handler just before the form is posted.
But haven't you wondered why this is not used? Because if you want to encrypt on client side, you need to have all logic and keys on client side, you need to send (when we speak of web) all logic and keys to the client side. If one can capture the encrypted text when travelling over http, that one can also capture the logic and keys also. Still, if you want to, just use a library like this: https://github.com/travist/jsencrypt[^].
So you better encrypt the communication, by using https.

On the other hand storing passwords in an encrypted form is a good practice. But not the best, you should not store passwords at all. You should be able to compare passwords but without knowing the password itself. How to do that? By using a good hash algorithm, and some "salt". This is a really good description of how to proceed: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet[^]. This is also a good lecture: http://www.captechconsulting.com/blog/kevin-hazzard/best-practices-managing-customer-passwords[^]

I hope you will succeed in your project.

请参考我最近的回答。它对您有用：加密使用对称密钥加密技术解密数据 [ ^ ]



问候..

Please refer my recent answer. It will be useful for you : Encrypt and decrypt data using symmetric key cryptography[^]

Regards..

这篇关于在文本框中键入时的密码加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！