这些问题并非是冷战时期的具体内容,但我认为我必须指出:
洗 The点是,要说明向服务器发送什么,以便制作与亚洲开发银行相匹配的座标。 如果你把客户的扼杀与非行的条目相匹配,那么你就重新打败了这一目的。
它破裂。 有一些失败的方法。 不用。
- If you re worried about the password being exposed on the way to the server, use TLS.
TLS的目的在于使客户与服务器之间的通信向任何其他人开放。 最大的问题是最近遭受的贝特亚袭击,如果你正确执行,那就赢得了工作。
- Use a secure hash like SHA-256.
我们知道,SHA-256非常安全。 众所周知的袭击减少了2个轨道的时间复杂性,使攻击成为现实。
- Use a random salt, unique to each user.
2个半轨道空间的预定雨水表将包含256个储存的排泄物,2个^256个空间将多得多。 然而,由于出生日的问题,可以想象,如果你不给他们的海螺,你的一些用户账户可能会受损。
- Hash multiple times. On the order of thousands of times.
如果贵国的行文受到损害,则“散列”可能意味着你的平均用户密码在几年内找到。 如果你有数千次,这意味着数千年。
还要补充几点,以纠正它认为的误解:
- A cryptographic hash is one-way. You can t decrypt it. If you find a practical way to decrypt it, then you will become rich and (in)famous.
- Standard HTTP is not secure. Anyone can eavesdrop and intercept your password that is being POSTed in plaintext, or hashed. If your server doesn t demand an encrypted connection for sensitive data, you re asking for a replay attack (http://en.wikipedia.org/wiki/Replay_attack).
- You can make your own SSL certificate. If you re worried about your users seeing "this SSL Cert is self signed! Oh noes!" and being scared off, either do without and take the risk, or cough up the cash.
