JavaScript的非对称加密和认证 [英] Javascript asymmetric encryption and authentication

问题描述

这里的某些人都在开发其采用通过登录一些安全区访问的应用程序。在过去，登录表单和随后的安全页面都是纯文本通过HTTP传输的，因为它是一个应用程序，出去的共享服务器上使用，其中有一种能够使用SSL的机会不大（想想字preSS等）。大多数人只是耸耸肩因为这是他们所预期的 ​​- 这是几乎没有一个国家银行

Some of the guys here are developing an application which incorporates some 'secure areas' accessible by logging in. In the past, the login form and subsequent 'secure' pages were all plain text transmitted over http, as it's an application that goes out for use on shared servers where there is little chance of being able to use SSL (think WordPress and the like). Most people just shrugged their shoulders as that's all they expected - it's hardly a national bank.

我们现在想写使用JavaScript前端的下一个版本，与加载所有图片及的优势; CSS一次，然后用ExtJS的（或可能的jQuery）编写HTML到DOM其后。我们希望在客户端被发送到服务器之前加密用户输入，然后被呈现为HTML以便引入用户某种安全之前，在浏览器解密服务器输出。也有获得与减少网页加载时间可以了，因为我们只发送gzip压缩的JSON来回。

We are now thinking of writing the next version using a JavaScript front end, with the advantage of loading all the images & CSS once, then writing HTML into the DOM thereafter with extJS (or maybe jQuery). We'd like to encrypt user input at the client before being sent to the server, then decrypt server output at the browser before being rendered to HTML so as to introduce some sort of security for users. There are also gains to be had with reducing page loading times, as we're only sending gzipped JSON back and forth.

在玩耍，我们意识到，我们在看加密的基本的东西的方法也涨了一倍，作为首先登录的认证机制。

While playing around, we realised that the method we were looking at to encrypt the basic stuff also doubled up as an authentication mechanism for login in the first place.

为了简单...

• 的用户连接到登录页面超过标准的HTTP，在浏览器下载包含散列算法和加密算法（SHA-256和AES为例）JavaScript的包。


• 用户输入用户名，密码和秘密进入登录表单。


• 的浏览器的JavaScript发送的用户名哈希和密码来通过AJAX服务器。在秘密只存储在JavaScript和在互联网上永远不会发送。


• 服务器查找散列和检索用户名和秘密从数据库中。


• 服务器发送用户名的哈希值（相同的算法浏览器）和秘密返回给浏览器。


• 浏览器的JavaScript创建用户名和秘密的哈希值，并将其与哈希从服务器​​发回


• 如果它们是相同的，浏览器的JavaScript加密响应与秘密，并将消息发送回服务器


• 服务器进行解密秘密找到预期的响应并启动一个新的会话。
  
• 随后的通信进行加密，以秘密解密两种方式。

• The user connects to the login page over standard http, where the browser downloads the JavaScript package containing the hashing and encryption algorithms (SHA-256 and AES for example).
• User enters username, password and secret into a login form.
• The browser JavaScript sends a hash of username and password to the server via AJAX. The secret is only stored in JavaScript and is never sent across the internet.
• The server looks up the hash and retrieves username and secret from the database.
• The server sends a hash (same algorithm as the browser) of username and secret back to the browser.
• The browser JavaScript creates a hash of username and secret and compares it to the hash sent back from the server.
• If they are the same, the browser JavaScript encrypts response with secret and sends the message back to the server.
• The server decrypts the message with secret to find the expected response and starts a new session.
• Subsequent communications are encrypted and decrypted both ways with secret.

有似乎是这种类型的系统的一些优势，但我们的看法正确的：

There seem to be a few advantages of this type of system, but are we right in thinking:

• 的用户知道如果服务器管理创建用户名和秘密的哈希他们谈论到他们的服务器，证明了服务器知道和了解用户名和秘密。


• 服务器知道用户是真实的，如果他们管理与秘密，证明用户知道加密响应秘密。


• 在任何时候为秘密以纯文本形式不断传播，或者是有可能确定秘密从哈希


• 嗅探器将只找出安全URL和检测查询字符串COM pressed哈希和加密。如果他们发送一个请求向是畸形的URL，没有给出响应。如果他们以某种方式设法猜测一个适当的请求，他们仍然必须能够解密。

• The user knows they are talking to their server if the server manages to create a hash of username and secret, proving the server knows and understands username and secret.
• The server knows the user is genuine if they manage to encrypt response with secret, proving the user knows secret.
• At no time is secret ever transmitted in plain text, or is it possible to determine secret from the hash.
• A sniffer will only ever find out the 'secure' URL and detect compressed hashes and encryptions in the query string. If they send a request to to the URL that is malformed, no response is given. If they somehow manage to guess an appropriate request, they still have to be able to decrypt it.

这一切似乎不够快，是潜移默化的给用户。任何人都可以看透这一点，大家都只是假定我们不应该使用JavaScript加密玩！

It all seems quick enough as to be imperceptible to the user. Can anyone see through this, as we all just assumed we shouldn't be playing with JavaScript encryption!

推荐答案

不要这样做。请使用SSL / TLS。请参见的Javascript密码是有害的。

Don't do this. Please use SSL/TLS. See Javascript Cryptography Considered Harmful.

这篇关于JavaScript的非对称加密和认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！