(In the last lesson, we learned about symmetric encryption and asymmetric encryption, and the hybrid encryption that combines the two to achieve confidentiality.But only confidentiality is far from security.Although hackers cannot obtain the session key or crack the ciphertext, they can collect enough ciphertext through eavesdropping, and then try to modify, reorganize and send it to the website. Because there is no integrity guarantee, the server can only "accept all orders", and then he can get further clues through the server's response, and finally crack the plaintext.In addition, hackers can forge identities to publish public keys. If you get a fake public key, hybrid encryption is completely useless. You think you are communicating with "a treasure", but in fact, the other end of the network cable is a hacker. Sensitive information such as bank card number and password are stolen in the process of "secure" communication.Therefore, integrity, identity authentication and other features must be added on the basis of confidentiality in order to achieve real security.)
收藏
