52ky posted on 2022-4-28 08:47:10

The Foundations of Impregnable Security (Part 2): Digital Signatures and Certificates (固若金汤的根本(下):数字签名与证书.pdf)

In the previous lesson we looked at symmetric and asymmetric encryption, and at hybrid encryption, which combines the two to achieve confidentiality.
But confidentiality alone is far from security.
Even though hackers cannot obtain the session key or break the ciphertext, they can collect enough ciphertext by eavesdropping, then try to modify and rearrange it and send it to the website. Because there is no integrity guarantee, the server can only "accept every order", and from the server's responses they can gather further clues and eventually recover the plaintext.
Moreover, hackers can forge an identity to publish a public key. If you receive a fake public key, hybrid encryption is completely useless. You think you are communicating with "某宝", but in fact the other end of the network cable is a hacker, and sensitive information such as bank card numbers and passwords is stolen during the "secure" communication.
Therefore, integrity, identity authentication and other properties must be added on top of confidentiality to achieve real security.

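The post's first point, that encryption without an integrity check lets an altered ciphertext be accepted as if it were genuine, can be shown in a few lines. The following is an added example, not part of the post or of the PDF it shares. The stream cipher is a toy built from HMAC-SHA256 in counter mode so that the script runs with only Python's standard library (real systems use an AEAD such as AES-GCM or ChaCha20-Poly1305); the keys, nonce and message are constructed sample values. The second point, that the public key itself must be authenticated, is the subject of signatures and certificates and is not covered here.

```python
"""Confidentiality alone vs. encrypt-then-MAC: a constructed demonstration.

Toy stream cipher: keystream = HMAC-SHA256(key, nonce || counter) blocks.
Used only so this runs offline with the standard library; not for production.
"""
import hashlib
import hmac

TAG_LEN = 32  # bytes of HMAC-SHA256 output appended to the ciphertext


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudorandom bytes from the key and nonce (toy PRF mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt_only(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: XOR with the keystream, no integrity protection."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt_only = encrypt_only  # XOR with the same keystream undoes itself


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then authenticate nonce || ciphertext with a separate MAC key."""
    ct = encrypt_only(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct + tag


def decrypt_verified(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes):
    """Return the plaintext only if the tag verifies; None means 'reject'."""
    if len(data) < TAG_LEN:
        return None
    ct, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return decrypt_only(enc_key, nonce, ct)


def flip_byte(data: bytes, index: int) -> bytes:
    """Simulate corruption or tampering in transit: invert one byte."""
    out = bytearray(data)
    out[index] ^= 0xFF
    return bytes(out)


def demo():
    enc_key = b"\x01" * 32  # constructed sample keys and nonce
    mac_key = b"\x02" * 32
    nonce = b"\x00" * 12
    msg = b"order:1 qty:1"

    # Without an integrity check the receiver decrypts the altered bytes and
    # has no way to tell that the plaintext it sees is not what was sent.
    ct = encrypt_only(enc_key, nonce, msg)
    altered = decrypt_only(enc_key, nonce, flip_byte(ct, 0))
    accepted_silently = altered != msg

    # With encrypt-then-MAC the same alteration fails verification and is
    # rejected before any decrypted byte reaches the application.
    sealed = encrypt_then_mac(enc_key, mac_key, nonce, msg)
    intact = decrypt_verified(enc_key, mac_key, nonce, sealed)
    rejected = decrypt_verified(enc_key, mac_key, nonce, flip_byte(sealed, 0))
    return accepted_silently, intact == msg, rejected is None


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The three booleans returned by `demo()` are the whole argument: an unauthenticated ciphertext is decrypted and accepted after modification, while the authenticated version accepts the untouched message and rejects the modified one. Using separate keys for encryption and for the MAC, and including the nonce in the authenticated data, are the two details most often missed when this pattern is hand-built.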