Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
menu search
person
editAsk a Question
Welcome To Ask or Share your Answers For Others

Categories

web端与服务端交互,签名算法一直被破解怎么办?

in Technique[技术] by (71.8m points)

签名算法已经被破解了好几次了,至少尝试过以下几种:

  1. 增加sign附加参数,使用字典排序+时间+随机数+密钥签名
  2. 类似网易签名算法,只传两个参数
  3. 类似抖音签名算法,需要浏览器环境(使用dom,canvas对象)

但是都被破解了。


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
539 views
Welcome To Ask or Share your Answers For Others

1 Answer

by (71.8m points)

安全攻防,首先考虑你的环境,如果你的所有加密(或者签名)行为都在客户端代码里面,那就是尽量的降低客户端代码的可读性,加大分析难度(如果是靠浏览器的web,开放度太高,你基本上可以放弃了)。

换位思考一下如果自己是主动攻击方,我能用哪些手段来达成目的,那基本上你就会对做被动安全防御放弃治疗了。


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share

Just Browsing Browsing

548k questions

547k answers

4 comments

86.3k users

Most popular tags

Theme made by Momin Raza, Modified by Ostack
Powered by Question2Answer
...