Client-side encryption over HTTP with Diffie-Hellman Key Exchange and AES


Problem description


After watching a YouTube video on the Diffie-Hellman Key Exchange, I wanted to try an implementation in JavaScript (Atwood's law).

I sketched up a cipher on Node.js with the following rules:

  • Step 1: Client and server agree on a shared key:

    • Client & server start with a 512bit prime public key pK

    • Client generates a 512bit prime private key kC and sends powMod(3, kC, pK)

    • Server generates a 512bit prime private key kS and sends powMod(3, kS, pK)

    • Client & Server use powMod(response, privatekey, pK) as the shared key

  • Step 2: Communication

    • Before a client sends data it is encrypted with the shared key using the Stanford Javascript Crypto Library (256bit AES, HMAC authentication, PBKDF2 password strengthening, and CCM authenticated-encryption.)

    • Once the server decrypts the data with the shared key, it generates a new 512bit prime private key and sends it as a SJCL encrypted response.

    • The client and server switch to a new shared key using powMod(3, prevSharedKey, newPrivKey)

Now I have a few questions..

How secure would such a system be in comparison with HTTPS or other algorithms? What are the weakest points of such a system?

In terms of security / practicality, would it be better to use 1024 bit keys for stronger security? Are the HMAC/PBKDF2/CCM options overkill? Is it worth modulating the shared key? Thanks for reading!

Solution

I've seen questions like this before – this is completely insecure for a number of reasons, foremost of which is the fact that it is impossible for a JavaScript client to verify that the server's key is authentic.

In a nutshell, without SSL, you are vulnerable to man-in-the-middle attacks. No browser-based JavaScript crypto implementation can overcome this fact.
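
The answer's point, as an added example that is not code from the original post: in the question's exchange the client derives a key with whichever party supplied the public value, whereas a value signed by a key the client already holds can be checked. The RFC 3526 group 14 prime (standing in for pK), the Ed25519 signing keys and all function names are assumptions of this sketch.

```javascript
const nodeCrypto = require("node:crypto");

// Assumption: RFC 3526 group 14 prime stands in for the question's pK; generator 3 as in the question.
const P = BigInt("0x" + nodeCrypto.getDiffieHellman("modp14").getPrime().toString("hex"));
const G = 3n;

// Square-and-multiply modular exponentiation on BigInt.
function powMod(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

function dhKeyPair() {
  const priv = BigInt("0x" + nodeCrypto.randomBytes(32).toString("hex")) + 2n;
  return { priv, pub: powMod(G, priv, P) };
}

// Sign a DH public value with a long-term Ed25519 key.
function signedOffer(dh, signingKey) {
  return { pub: dh.pub, sig: nodeCrypto.sign(null, Buffer.from(dh.pub.toString(16)), signingKey) };
}

// Client check: the offered value must verify under the key the client already trusts.
function clientAccepts(offer, pinnedKey) {
  return nodeCrypto.verify(null, Buffer.from(offer.pub.toString(16)), pinnedKey, offer.sig);
}

function demo() {
  const serverId = nodeCrypto.generateKeyPairSync("ed25519"); // pinned by the client (assumed)
  const otherId = nodeCrypto.generateKeyPairSync("ed25519"); // any key the client never pinned
  const client = dhKeyPair(), server = dhKeyPair(), intermediary = dhKeyPair();

  // Question's scheme: the client receives a value and has nothing to check it against.
  const clientKey = powMod(intermediary.pub, client.priv, P);
  return {
    clientKeyKnownToIntermediary: clientKey === powMod(client.pub, intermediary.priv, P),
    clientKeyMatchesServer: clientKey === powMod(client.pub, server.priv, P),
    // Authenticated variant: only the value signed by the pinned key is accepted.
    genuineAccepted: clientAccepts(signedOffer(server, serverId.privateKey), serverId.publicKey),
    substitutedAccepted: clientAccepts(signedOffer(intermediary, otherId.privateKey), serverId.publicKey),
  };
}

console.log(demo());
```

In a browser the pinned key and the script performing this check arrive over the same connection as everything else, so the check only holds when both are delivered over TLS.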
