PHP和Javascript之间的加密/解密 [英] Encryption/Decryption between PHP and Javascript
问题描述
我希望扩大这个问题:
将POST变量混淆在Javascript& PHP
I am looking to expand beyond this question: Obfuscating POST variables between Javascript & PHP
我想到了这个解决方案: http://pastebin.com/YuAAZTLi
Where I came up with this solution : http://pastebin.com/YuAAZTLi
它工作在95%的时间,但5%我不能真正处理。在两个不同的服务器的时候很难真正做到这一点。使用这些变量发送的腐烂是太容易破解的。
It work's 95% of the time but the 5% I can't really deal with. It's hard to really base it on the time of two different servers. And sending the rot with the variables is just too easy to crack.
我需要一些希望改变每一次的东西,因为我不想要HTTP POST请求被重复。在允许md5类型加密的javascript和PHP之间交替存在什么样的方法。其中
I need something that changed each and every time hopefully, because I dont want the HTTP POST requests just to be duplicated. What encyrption methods exist interchangeably between javascript and PHP that allow for md5 type encryption. Where
4500看起来像Dusfh7sfSFJf78dfns8和4501类似于JF7Fhene7fdHfdshf6d ..即使它们是1位数字,也是一样的。
4500 looks something like Dusfh7sfSFJf78dfns8 and 4501 something like JF7Fhene7fdHfdshf6d ..nothing alike even though they are 1 digit off.
外部图书馆是允许的,但请确保您连接了一个php和javascript对应。
External Librarys are permitted but please make sure you link both a php and javascript counterpart.
推荐答案
处理用户登录的情况,但是我在此答案中提出了一个协议,并且asker 运行它并编码了一个HTTP嗅探器PHP-to-JavaScript登录表单实现。
It's somewhat specific to the case of handling user login, but I proposed a protocol in this answer, and the asker ran with it and coded up an HTTP-sniffer-resistant PHP-to-JavaScript login form implementation.
方案的要点:
- 生成随机随机数值;这有助于防止重播攻击。
- 将$ non-value和密码salt发送到
的浏览器,其余的登录表单。
- 您正在使用salted
和散列表格存储密码,对吗?
- 在
的服务器上保留随机数值;不要信任客户端
回传给你,或者您的重播
保护已经消失。
该方案的弱点是
数据库中的密码哈希
在某种意义上与密码相当;
,它可能不可行
提取用于
的原始密码产生这些哈希值,
存储哈希的知识足以使
模拟您的网站上的用户。
The weakness of this scheme is that the password hashes in the database are in some sense password-equivalent; while it's likely infeasible to extract the original password used to produce those hashes, knowledge of the stored hash is sufficient to impersonate the user on your site.
这篇关于PHP和Javascript之间的加密/解密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
