如果有人知道你的 SHA-1 证书指纹:，有多“危险"就是它? [英] If someone knows your SHA-1 certificate fingerprint:, how "dangerous" is that?

问题描述

我是 Android 新手，我看到很多人隐藏了他们的 SHA-1 证书指纹.我使用谷歌播放服务开发了一个应用程序并与某人共享.它有我的 SHA-1 证书指纹.黑客知道我的 SHA-1 证书是否会造成任何损害.

I'm new to android, I have seen many people hiding their SHA-1 certificate fingerprint. I have developed an app using google play services and shared it with someone. It has my SHA-1 certificate fingerprint in it. Can a hacker do any damage knowing my SHA-1 Certificate.

谢谢.

推荐答案

证书指纹是从证书中计算出来的.证书本身是公开信息，并在 SSL/TLS 握手期间以明文形式传输.这也使指纹成为公开信息，即通常不会被他人知道.

The certificate fingerprint is calculated from the certificate. The certificate itself is public information and transferred in clear during the SSL/TLS handshake. Which makes the fingerprint public information too, i.e. there is usually no danger in having it known by others.

但是人们可能会构建一种可能很危险的情况.例如，如果您的应用程序使用指纹来验证它是否连接到正确的站点，而该站点是非法站点，而您知道这一点.在这种情况下，您可能会尝试将您与非法活动联系起来，因为您在申请中包含了此证书的指纹.

But one could probably construct a situation where this might be dangerous. For example if your application uses the fingerprint to verify that it connects to the correct site and this site is an illegal site and you know this. In this case one could probably try to associate you with illegal activities from the fact that you've included the fingerprint of this certificate in your application.

这篇关于如果有人知道你的 SHA-1 证书指纹:，有多“危险"就是它?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！