A simple, medium secure, login protocol?
Problem description
I asked here about a protocol that I was asked to implement, and how secure it was, since it seemed clear from the very beginning that it was shit. That being so, I ask:
Can you guys point me to some very simple login protocol (I am null at cryptography systems)? I am developing both the server and client side of the application and I have my own messengering system, so I have enough freedom.
Only 2 special characteristics for your suggestions:
- Simple: the network this application is going to run over is not especially insecure and I only want to avoid sending the password in plain text.
- If possible, not too long an interchange of messages. The shorter, the better.
Recommended answer
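Look at challenge-response authentication:
- The server includes a random challenge string in the login form.
- On login, JavaScript first hashes the password, then hashes it with the challenge.
- The server then performs the same check (your database should store hashed passwords, but this method prevents you from effectively using a salt on the hash, because you would have to broadcast it).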
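
The exchange described in the answer above, written out for both sides as an added example (not part of the original answer). SHA-256, the 60-second challenge lifetime, the single-use challenge table and the names `LoginServer`, `clientResponse` and `demo` are assumptions, and the user record is constructed.

```javascript
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Server side. The database stores only the unsalted password hash (constructed sample user).
class LoginServer {
  constructor() {
    this.users = new Map([['alice', sha256('correct horse')]]);
    this.pending = new Map(); // challenge -> expiry timestamp in ms
  }
  // Step 1: issue a fresh random challenge, e.g. embedded in the login form.
  issueChallenge(now = Date.now()) {
    const challenge = crypto.randomBytes(16).toString('hex');
    this.pending.set(challenge, now + 60_000); // assumed 60 s lifetime
    return challenge;
  }
  // Step 3: recompute the response from the stored hash and compare.
  verify(user, challenge, response, now = Date.now()) {
    const expiry = this.pending.get(challenge);
    this.pending.delete(challenge); // single use: a captured response cannot be replayed
    const stored = this.users.get(user);
    if (expiry === undefined || now > expiry || stored === undefined) return false;
    const expected = Buffer.from(sha256(stored + challenge), 'hex');
    const got = Buffer.from(String(response), 'hex');
    // Constant-time comparison of equal-length digests.
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  }
}

// Step 2 (client): hash the password, then hash that together with the challenge.
function clientResponse(password, challenge) {
  return sha256(sha256(password) + challenge);
}

function demo() {
  const server = new LoginServer();
  const c1 = server.issueChallenge();
  const r1 = clientResponse('correct horse', c1);
  const ok = server.verify('alice', c1, r1);
  const replay = server.verify('alice', c1, r1); // same challenge used twice
  const c2 = server.issueChallenge();
  const stale = server.verify('alice', c2, r1);  // old response against a new challenge
  const c3 = server.issueChallenge();
  const wrong = server.verify('alice', c3, clientResponse('guess', c3));
  return { ok, replay, stale, wrong };
}

console.log(demo());
```
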