在本地存储和加密密码 [英] Store and encrypt a password locally

问题描述

我正在为需要使用用户名和密码进行身份验证的服务编写QML客户端.目前，我正在使用c ++插件加密和解密密码，但是我想用普通的QML替换它，以避免平台特定的二进制文件.

I'm writing a QML client for a service that needs authentication with a username and password. At the moment I am using a c++ plugin to encrypt and decrypt the password, but I'd like to replace that with plain QML to avoid the platform-specific binary.

没有选择:

• 对加密密钥进行硬编码(因为可以从包中提取出来)
• 散列(因为我需要能够以纯文本格式恢复密码)
• 显而易见的安全性

推荐答案

有时会出现此类问题(只需搜索stackoverflow)，并且-基本上，一旦数据/代码驻留在客户端，客户端就会能够访问它们.您可以使其更加困难. (我知道您希望再有一个答案，但是根据您的问题，您发现满足非选项"的要求后，您的选项就用光了)

There is this type of question from time to time (just search the stackoverflow) and - basically once the data/code reside on the client's side, the client will be able to access them. You can just make it more difficult. (I know you hoped for another answer, but based on your question you've figured it out that placing the "Not an option" requirements, you ran out of options)

许多答案都建议使用凭证保险库服务，但是您也需要在客户端的某个位置提供服务凭证.

Many answers suggest using credential vault services, but you need to have the service credentials somewhere on the client's side too.

(只需搜索一些公司在DRM上投入了多少资金，以及它保持不间断的时间有多长)

(just search how much money invest some companies in DRM and how long it stay unbroken)

实际上，您可以在某处加密/隐藏凭据，但是您需要具有可用的位置和解密密钥.根据我的经验，一旦配置中的凭据不是纯文本的，大多数用户将放弃，但是很难停止专用用户".

Indeed you could encrypt / hide the credentials somewhere, but you need to have the location and decryption key available. According to my experience most of the users will give up once the credentials in the configuration are not plaintext, but it is difficult to stop a "dedicated user".

最后-恕我直言，在有限的时间/预算范围内，您可以做的最好的事情就是隐藏/加密凭据，以使它们不可见:(

At the end - IMHO the best you could do with limited time/budget is hide/encrypt the credentials to get them out of plain sight :(

这篇关于在本地存储和加密密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！