堆栈内存溢出
  简体   繁体   English

通过Java中的TCP套接字安全地传输密码

[英]Securely transmitting password over TCP Socket in Java

 原文  2016-02-24 11:10:01       java/ sockets/ security/ tcp

问题描述

I want to write a secure method of authentication over TCP sockets in Java. 我想在Java中编写一种通过TCP套接字进行身份验证的安全方法。 I've read reasonably extensively on the subject, but I am by no means an expert. 我已经对该主题进行了广泛的阅读,但我绝不是专家。 There seems to be a bit of variance in opinion on how this is best done. 关于如何最好地做到这一点,似乎存在一些分歧。

I know pretty well had to generate my password hashes, but that doesn't do me a whole lot of good if an attacker can simply glean the passwords/password hashes while in transit. 我知道必须生成我的密码哈希,但是如果攻击者在传输过程中可以简单地收集密码/密码哈希,那对我并没有多大好处。 So I want to create a reasonably secure method of sending this data across. 因此,我想创建一种合理安全的方法来发送此数据。

The most popular method seems to be using SSL sockets. 最受欢迎的方法似乎是使用SSL套接字。 However, my code will not be used as a single server (as an online game might be) but instead will have many instances run by various consumers. 但是,我的代码不会用作单个服务器(可能就像在线游戏一样),而是由许多使用者运行许多实例。 I personally don't have a means to purchase an SSL certificate, and I can't really ask my consumers to do that either. 我个人没有购买SSL证书的方法,而且我也不能真正要求消费者这样做。 Creating self-signed certificates and then installing them in a keystore for each client seems both difficult and a little insecure. 创建自签名证书,然后为每个客户端将其安装在密钥库中似乎既困难又有点不安全。 If I were handling all server instances, this would be a much more viable option, since I would only need one certificate, but as it stands now 如果我要处理所有服务器实例,那么这将是一个更可行的选择,因为我只需要一个证书,但就目前而言

So I worked on simply securing the TCP socket while performing log ins. 因此,我只是在执行登录时简单地保护TCP套接字。 I can do this pretty well using a Diffie-Hellman algorithm. 使用Diffie-Hellman算法,我可以做到这一点。 However, as I research this, people kept saying to use SSL instead. 但是,当我对此进行研究时,人们不断说要使用SSL。

How can I securely transmit passwords over Java TCP sockets in an efficient but portable manner? 如何以有效但可移植的方式通过Java TCP套接字安全地传输密码?

2 个解决方案

解决方案1
 -2  2016-02-24 11:34:40

Have you considered RSA encryption? 您是否考虑过RSA加密? RSA encryption is the same encryption that SSL uses: RSA加密与SSL使用的加密相同:

https://en.wikipedia.org/wiki/RSA_(cryptosystem) https://zh.wikipedia.org/wiki/RSA_(密码系统)

解决方案2
 -2  2016-02-24 11:44:12

You can use the Diffie-Hellman key exchange algorithm . 您可以使用Diffie-Hellman密钥交换算法 This is exactly for your use case, to exchange keys over a public network. 这正是您的用例,用于通过公共网络交换密钥。 See the Oracle Diffie-Hellman example . 请参阅Oracle Diffie-Hellman示例

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java通过TCP套接字有效地发送floatbuffer - Java send floatbuffer over a tcp socket efficiently Java通过TCP Socket分别发送数据 - Java send data over TCP Socket seperately 通过TCP管理Java中的套接字连接 - manage socket connection in Java over tcp 通过TCP套接字的ObjectOutputStream - ObjectOutputStream over a TCP Socket 通过Java TCP套接字发送任意长的字符串 - Sending arbitrarily long string over Java TCP socket 如何通过TCP套接字连接重定向进程的输入和输出? (java) - How to redirect input and output of a Process over a TCP socket connection? (java) 通过 TCP 套接字 Java 实现的双向 JSON-RPC - Bidirectional JSON-RPC over TCP socket Java implementation 通过 TCP 套接字服务器解析 java 中的二进制数据 - Parsing binary data in java received over TCP socket server Java通过TCP套接字从队列或堆栈发送对象 - Java sending objects from queue or stack over TCP socket Java TCP套接字侦听器 - Java TCP socket listener
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM