安全地存储访问令牌 [英] Securely storing an access token
问题描述
生命访问令牌与特定服务的用户名和密码一样好,但是与其他人交谈似乎最多(我自己包括)以纯文本形式存储访问令牌。这似乎与在纯文本中存储密码一样糟糕。显然,不能盐&哈希令牌。
理想情况下,我想加密它们,但我不确定最好的方法,特别是在开源项目上。 p>
我想象这个问题的答案与存储支付信息和PCI合规性相似,但我也会问为什么不再讨论这个问题?也许我错过了一些东西。
你只想验证其他人提供的令牌吗?如果是这样,请按照密码进行处理。使用字节推导算法,如基于密码的密钥导出函数2(PBKDF2)(也在 RFC 2898 ),共有10,000次迭代,并存储前20个字节。收到令牌时。它不是几乎可逆的。
您要向其他人呈现令牌进行身份验证吗?如果是这样,这是一个挑战,因为如果您的应用程序可以解密或以其他方式访问令牌,攻击者也是如此。认为香农的Maxim,攻击者知道系统,特别是一个开源项目。在这种情况下,最好的方法是使用强大的算法(如AES256)对令牌进行加密,使用强密码标准随机数生成器生成密钥,并存储密钥(例如在上述示例中的数据库之外的许可保护文件中)安全地存储在数据的不同位置。后者意味着SQL注入攻击不会显示密钥。
What security measures should I put in place to ensure that, were my database to be compromised, long-life access tokens could not be stolen?
A long-life access token is as good as a username and password for a particular service, but from talking to others it seems most (myself included) store access tokens in plain text. This seems to be to be just as bad as storing a password in plain text. Obviously one cannot salt & hash the token.
Ideally I'd want to encrypt them, but I'm unsure of the best way to do this, especially on an open source project.
I imagine the answer to this question is similar to one on storing payment info and PCI compliance, but I'd also ask why there isn't more discussion of this? Perhaps I'm missing something.
Do you just want to verify a token provided by others? If so, treat it as you would a password. Use a byte derivation algorithm like Password Based Key Derivation Function 2 (PBKDF2) (also described in RFC 2898) with 10,000 iterations and store the first 20 bytes or so. When the token is received. It is not practically reversible.
Do you want to present the token to others for authentication? If so, this is a challenge because, if your application can decrypt or otherwise get access to the token, so can an attacker. Think Shannon's Maxim, the attacker knows the system, especially for an open source project.
In this case, the best approach is to encrypt the tokens with a strong algorithm (e.g. AES256), generate keys using a strong cryptographic standard random number generator and store the key(s) securely in a different location to the data, such as in a permission protected file outside the database in the example above. The latter means that SQL injection attacks will not reveal the keys.
这篇关于安全地存储访问令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
