我想加密客户端上的密码(angular.js),将其发送到服务器(express.js)并在服务器上解密.我想要一个简单的方法.我使用$http来POST请求.
我知道退出angular-bcrypt库并且在nodeJS中也是如此,但对我来说不值得,因为它只有方法比较.
我想要这样的东西:
password = document.getElementById('txtPassword').value;
var xorKey = 129; /// you can have other numeric values also.
var result = "";
for (i = 0; i < password.length; ++i) {
result += String.fromCharCode(xorKey ^ password.charCodeAt(i));
}
但是,我只在c#中找到了解密方法:
public bool Authenticate(string userName, string password)
{
byte result = 0;
StringBuilder inSb = new StringBuilder(password);
StringBuilder outSb = new StringBuilder(password.Length);
char c;
for (int i = 0; i < password.Length; i++)
{
c = inSb[i];
c = (char)(c ^ 129); /// remember to use the same XORkey value you used in javascript
outSb.Append(c);
}
password = outSb.ToString();
// your rest of code
}
任何的想法?非常感谢你. :P
解决方法:
密码永远不应该被解密.它们应该使用单向加密进行散列.服务器应提供nonce,以便客户端在每次登录时返回不同但可验证的答案.
所有密码都应进行哈希,盐渍和拉伸.如果可以解密,则不安全.见Serious Security: How to store your users’ passwords safely.
我最喜欢的答案:
You need a library that can encrypt your input on client side and transfer it to the server in encrypted form.
You can use following libs:
- 07002. Client-Server asymmetric encryption over Javascript
Update after 3 years:
- 07003
Update after 4 years (Wohoo!)
- 07004
- 07005
Still not convinced? Neither am I
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
