Securely storing an access token


Question

What security measures should I put in place to ensure that, were my database to be compromised, long-life access tokens could not be stolen?

A long-life access token is as good as a username and password for a particular service, but from talking to others it seems most (myself included) store access tokens in plain text. This seems to be just as bad as storing a password in plain text. Obviously one cannot salt & hash the token.

Ideally I'd want to encrypt them, but I'm unsure of the best way to do this, especially on an open source project.

I imagine the answer to this question is similar to one on storing payment info and PCI compliance, but I'd also ask why there isn't more discussion of this? Perhaps I'm missing something.

Recommended answer

Do you just want to verify a token provided by others? If so, treat it as you would a password. Use a byte derivation algorithm like Password Based Key Derivation Function 2 (PBKDF2) (also described in RFC 2898) with 10,000 iterations and store the first 20 bytes or so when the token is received. It is not practically reversible.

Do you want to present the token to others for authentication? If so, this is a challenge because, if your application can decrypt or otherwise get access to the token, so can an attacker. Think Shannon's Maxim: the attacker knows the system, especially for an open source project.

In this case, the best approach is to encrypt the tokens with a strong algorithm (e.g. AES256), generate keys using a strong cryptographic standard random number generator and store the key(s) securely in a different location to the data, such as in a permission protected file outside the database in the example above. The latter means that SQL injection attacks will not reveal the keys.
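The first case in the answer (you only verify tokens others present) as an added example, not code from the original post: PBKDF2 with 10,000 iterations, keeping the first 20 bytes, so a dumped table yields nothing usable. The per-token random salt, HMAC-SHA256 as the PRF, and the "id.secret" token layout (the id lets the server find the row without reversing the hash) are assumptions of this example, not something the answer specifies.

```python
import hashlib
import hmac
import os

# Parameters from the answer: PBKDF2, 10,000 iterations, keep the first 20 bytes.
ITERATIONS = 10_000
DKLEN = 20
SALT_LEN = 16  # assumption: a random per-token salt, as you would use for a password


def derive(secret: str, salt: bytes) -> bytes:
    """PBKDF2 over the token's secret part. HMAC-SHA256 as the PRF is an
    assumption; the answer only names PBKDF2 (RFC 2898)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS, DKLEN)


def issue_token() -> str:
    """Token handed to the client once. The public id part lets the server find
    the row later; only the secret part is hashed (id/secret split is an assumption)."""
    return os.urandom(8).hex() + "." + os.urandom(32).hex()


def store_token(token: str) -> dict:
    """The row written to the database: id, salt and derived bytes, never the secret."""
    token_id, secret = token.split(".", 1)
    salt = os.urandom(SALT_LEN)
    return {"id": token_id, "salt": salt.hex(), "hash": derive(secret, salt).hex()}


def verify_token(presented: str, rows: dict) -> bool:
    """Look the row up by id, then compare the derived bytes in constant time."""
    try:
        token_id, secret = presented.split(".", 1)
        row = rows[token_id]
    except (ValueError, KeyError):
        return False
    expected = bytes.fromhex(row["hash"])
    return hmac.compare_digest(derive(secret, bytes.fromhex(row["salt"])), expected)


if __name__ == "__main__":
    token = issue_token()
    row = store_token(token)
    rows = {row["id"]: row}                      # stands in for the token table
    print("stored row:", row)                    # the secret appears nowhere in it
    print(verify_token(token, rows))             # True
    print(verify_token(token[:-1] + "!", rows))  # False
```

The second case in the answer (your application must present the token itself) cannot be covered by a hash; there the token row holds AES-256 ciphertext and the key lives in a permission-protected file outside the database, as the answer describes.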
