Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Ask a Question
Welcome To Ask or Share your Answers For Others

Categories

web端与服务端交互,签名算法一直被破解怎么办?

0 votes
376 views
in Technique[技术] by (71.8m points)

web端与服务端交互,签名算法一直被破解怎么办?

签名算法已经被破解了好几次了,至少尝试过以下几种:

  1. 增加sign附加参数,使用字典排序+时间+随机数+密钥签名
  2. 类似网易签名算法,只传两个参数
  3. 类似抖音签名算法,需要浏览器环境(使用dom,canvas对象)

但是都被破解了。


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

安全攻防,首先考虑你的环境,如果你的所有加密(或者签名)行为都在客户端代码里面,那就是尽量的降低客户端代码的可读性,加大分析难度(如果是靠浏览器的web,开放度太高,你基本上可以放弃了)。

换位思考一下如果自己是主动攻击方,我能用哪些手段来达成目的,那基本上你就会对做被动安全防御放弃治疗了。


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

Just Browsing Browsing

2.1m questions

2.1m answers

60 comments

56.8k users

Most popular tags

Powered by Question2Answer
Donate
Theme by Q2A Market&&OStack.cn
...