不对称和对称的密钥存储
I'm working on an ajax portal and I need some advice. My client wants it fairly secure but doesn't want to deal with ssl. There is no ultra sensitive data to store so I'm doing a custom "handshake" when the page initializes.
Since every session I'm dealing with 2 new sets of asymetric key and some symetric one as well, I want to know how you would handle these keys. This is probably going to reside on a shared host and I've read everywhere that the session file can't really be trusted in that case...
Right now I'm storing some info in the session file pointing to the right keys, which are in a database. Everything works just fine as it is (well, I think :))... Now I want to delete the keys from the database when the user session ends, so I don't end up with tables filled with useless keys.
Even if I knew it is BAD, I tried an ajax call when closing the window/browser... this is indeed BAD and inconsistent, so this option is out of the way. I also thought about a cron job to erase every key dating more than a couple of days, but it kind of feels "unfinished" to me...
My question is: I'm wondering how does ssl handles its keys? Where are they stored while the user session lasts? How do you deal/would deal with this?
EDIT
Yep, I should have known that this question would lead to that.
I know that ssl would be the best option and it is to my own regret that I have coded my application. I'll talk some more to my client about it, but I have little hopes. If he still wants to go http, I won't risk to loose the contract to proove my point and I'll have an alternative to protect its unsensitive data (login info kinda, no credit card...).
Yes, "fairly secure" is appropriate since no system is completely secure. "Fairly secure" means that a wannabe hacker who just downloaded wireshark, or watched a video on youtube to do a man in the middle attack won't be able to get in. I would say that it is already a lot better than all the multi billions gaming companies who recently been put to shame by some teenagers.
The correct answer goes to Nasko who answered part of my question and made some obvious recommendation, without being cocky at that.
我正在开发一个ajax门户网站,我需要一些建议。 我的客户希望它相当安全,但不想处理ssl。 没有超敏感数据要存储,所以我在页面初始化时正在进行自定义“握手”。 p>
由于每个会话我都在处理2套新的非对称密钥和一些 也是对称的,我想知道你将如何处理这些键。 这可能会驻留在共享主机上,而且我已经读过在这种情况下会话文件真的不可信任... p>
现在我正在存储一些 会话文件中的信息指向数据库中的右键。 一切都运行得很好(好吧,我认为:))...现在我想在用户会话结束时从数据库中删除密钥,所以我最终得不到填满无用密钥的表。 p>
即使我知道它是坏的,我在关闭窗口/浏览器时尝试了一个ajax调用......这确实很糟糕且不一致,所以这个选项已经不在了。 我还考虑过一个cron工作来删除每一个关键约会超过几天,但它对我来说感觉“未完成”...... p>
我的问题是: em>我想知道ssl如何处理它的密钥? 用户会话持续时它们存储在哪里? 你如何处理/处理这个? p>
编辑 p>
是的,我应该知道这个问题会导致这一点。 p >
我知道ssl将是最好的选择,我自己也很遗憾我编写了我的应用程序。 我会再和我的客户谈谈这件事,但我没什么希望。 如果他仍然想要去http,我不会冒险放弃合同以证明我的观点,我将有另一种选择来保护其不敏感的数据(登录信息有点,没有信用卡......)。 p>
是的,“相当安全”是合适的,因为没有系统是完全安全的。 “相当安全”意味着一个想要下载wireshark,或者在youtube上观看视频以便在中间攻击中做一个人的想要的黑客,将无法进入。我会说它已经比所有的更好了 最近被一些青少年羞辱的数十亿游戏公司。 p>
正确答案是Nasko,他回答了我的部分问题并提出了一些明显的建议,而不是自大。 / p>
div>
SSL generates symmetric key for each handshake it completes and stores it in memory (unless the session cache is written to disk).
That said, I would suggest to avoid doing your own crypto protocol, since you are bound to make a mistake. Even the best crypto people make mistakes, so I wouldn't recommend anyone doing it for the sake of doing it.
Figure out what the problems are that your client perceives with SSL and address those. This way you use standard technology that is proven to work and your customer is happy at the end.
'Secure' is a binary state. There is no such thing as 'fairly' secure.
Your hope of implementing something as cheap and effective as SSL is approximately zero. Don't bother. Unless the client is the US DoD he can't afford it anyway.