简体繁体 English

以纯文本形式在内存中短暂存储用户密码是否安全？

[英]Is it safe to briefly have a user's password in memory in plain text?

原文 2015-02-15 08:17:25 8 3 security/ encryption/ hash/ passwords

Thinking about how big sites usually have you log in, there seems to be a point in time where company servers have your password in memory in plain text. 考虑一下您通常登录的网站数量，似乎在某个时间点，公司服务器将密码以纯文本形式存储在内存中。 Is this true, and is it safe? 这是真的，并且安全吗？

This is something like how most big sites have you log in: 就像您登录大多数大型网站一样：

Enter password in browser 在浏览器中输入密码
Encrypt password in-browser using asymmetric encryption public key 使用非对称加密公钥对浏览器中的密码进行加密
Send password to site 发送密码到网站
Decrypt password using asymmetric encryption private key 使用非对称加密私钥解密密码
Hash password using one-way hashing algorithm (and salt) 使用单向哈希算法（和盐）哈希密码
Compare hashed password to similarly hashed password in database 将哈希密码与数据库中类似的哈希密码进行比较
If hashes match, successful log in. Otherwise, failed log in. 如果哈希匹配，则成功登录。否则，登录失败。

Look between steps 4 and 5 在第4步和第5步之间浏览

Decrypt password using asymmetric encryption private key 使用非对称加密私钥解密密码
4.5. 4.5。 Briefly have some variable server-side with plain text password 简要地在服务器端设置一些带有纯文本密码的变量
Hash password using one-way hashing algorithm (and salt) 使用单向哈希算法（和盐）哈希密码

This means that while the whole hashing scheme is to prevent an attacker from gaining access to passwords EVEN IF the server is compromised, a skilled hacker could get at it anyway. 这意味着，尽管整个散列方案是为了防止攻击者即使在服务器受到威胁的情况下也无法访问密码，但熟练的黑客仍然可以使用它。

Is there something I missed? 有什么我想念的吗？ More importantly, is there a safer alternative? 更重要的是，有没有更安全的选择？

3 个解决方案

Yes it is "safe" since whatever is in memory is in your server's memory and should not be able to be read externally. 是的，它是“安全的”，因为内存中的任何内容都位于服务器的内存中，并且不应从外部读取。

Safe is in quotes as everything is relative and the risk level depends on your perceived threat model - ie what threats are you trying to defend against? 安全是用引号引起来的，因为一切都是相对的，风险水平取决于您所感知的威胁模型-即您要防御的威胁是什么？

The much publicised Heartbleed bug allowed attackers to retrieve items from servers' memory in 64KB chunks. 广为流传的Heartbleed错误使攻击者能够以64KB的块大小从服务器内存中检索项目。 However, the strategy here is to have a vulnerability management (patching process) in place rather than coding round these types of problems. 但是，此处的策略是就地进行漏洞管理（修补过程），而不是针对这些类型的问题进行编码。

Regarding encrypting passwords - this is something you should rely on HTTPS for rather than encrypting them on the client in Javascript. 关于加密密码-这是您应该依靠HTTPS进行的操作，而不是使用Javascript在客户端上对其进行加密。 When they arrive on your server store and compare them in hashed format using a slow algorithm such as bcrypt, scrypt or pbkdf2. 当它们到达您的服务器存储时，使用慢速算法（例如bcrypt，scrypt或pbkdf2）以散列格式比较它们。 Also use cookies marked with the secure & http only flags, implement a HSTS policy and you should be good to go on the password storage and transmission front. 还可以使用标有安全和仅http标志的cookie，实施HSTS策略，您应该继续进行密码存储和传输。

CERT's advice regarding handling sensitive data in memory is here . CERT有关处理内存中敏感数据的建议在此处。

The parts most relevant to your question are: 与您的问题最相关的部分是：

Disable memory dumps. 禁用内存转储。
Do not store sensitive data beyond its time of use in a program. 不要在程序中超出其使用时间存储敏感数据。
Do not store sensitive data in plaintext (either on disk or in memory). 不要以明文形式（在磁盘或内存中）存储敏感数据。
If you must store sensitive data, encrypt it first. 如果必须存储敏感数据，请先对其进行加密。
Securely erase sensitive data from disk and memory. 从磁盘和内存中安全删除敏感数据。

This means that while the whole hashing scheme is to prevent an attacker from gaining access to passwords EVEN IF the server is compromised, a skilled hacker could get at it anyway. 这意味着，尽管整个散列方案是为了防止攻击者即使在服务器受到威胁的情况下也无法访问密码，但熟练的黑客仍然可以使用它。

Remember that having a secure system does not only mean you need to have secure coding practises and secure infrastructure. 请记住，拥有安全的系统不仅意味着您需要拥有安全的编码实践和安全的基础架构。 This is because you can never have 100% security. 这是因为您永远无法拥有100％的安全性。 Part of the puzzle that this would be missing is any form Intrusion Detection/Prevention (IDS/IPS). 任何形式的入侵检测/防御（IDS / IPS）都将使人们感到困惑。 This takes the view that systems will be compromised at some point, so rather than trying to prevent every conceivable type of attack, you instead detect it, allowing you to take appropriate immediate action. 这认为系统会在某个时刻受到威胁，因此，与其尝试阻止每种可能的攻击类型，不如尝试检测到它，从而允许您立即采取适当的措施。 This would cover you in the event that an attacker managed to compromise your system and started to harvest credentials as they arrive during the login process. 如果攻击者设法破坏了您的系统并在登录过程中收到凭据时就开始对其进行收集，这将为您提供保护。

You're correct. 没错 The remote attacker would have to change the code though. 但是，远程攻击者必须更改代码。 This can be easily done for PHP, but not so for compiled languages. 对于PHP，这可以轻松完成，但对于编译语言，则不容易。 Obfuscated PHP code also has a place in hindering the attacker in their endeavor. 混淆的PHP代码也可以阻止攻击者的努力。

Sometimes even compiled or obfuscated code cannot stop the attack when the attacker is one of the developers. 有时，当攻击者是开发者之一时，即使编译或混淆的代码也无法阻止攻击。

Note that multi-party communication and zero-knowledge proofs can be probably subverted in the same way when used for user authentication. 请注意，多方通信和零知识证明在用于用户身份验证时可能会以相同的方式被破坏。 I don't think there is really an alternative besides making it really hard for the attacker to break into your server. 我认为除了使攻击者很难侵入您的服务器外，没有其他选择。

This is something like how most big sites have you log in 就像您登录大多数大型网站一样

Actually, I have never seen any sites encrypt the password client-side. 实际上，我从未见过任何站点在客户端对密码进行加密。 Encrypting on the client and then decrypting it on the server gains absolutely nothing. 在客户端上加密，然后在服务器上解密，绝对不会获得任何好处。 That's what SSL certificates are for. 这就是SSL证书的用途。 Almost all sites I've ever seen in my life just send the password in plain text to the server and then hash it there (we hope). 我一生中见过的几乎所有站点都只是以纯文本形式将密码发送到服务器，然后在此处进行哈希处理（我们希望如此）。

If you are trying to prevent the server from ever having the plain text password in memory, you could hash it client-side and then hash the hash on the server. 如果要防止服务器在内存中使用纯文本密码，则可以在客户端对它进行哈希处理，然后对服务器上的哈希进行哈希处理。 Just keep in mind that when you hash a password on the client, the hash actually becomes the password. 请记住，在客户端上对密码进行哈希处理时，哈希实际上就是密码。