在Linux中存储秘密
[英]Storing secrets in Linux
问题描述
Sorry, if this has been asked and answered here, simple search didn't give me much. 
对不起,如果这里有人问过并回答过,那么简单的搜索并没有给我太多帮助。 Feel free to correct the tags and provide links to questions like the following or discussions of the subject. 随意更正标签,并提供以下问题的链接或主题的讨论。 Also, I know Windows somewhat, Linux not so much, so the questions may appear trivial. 另外,我在某种程度上了解Windows,而不是Linux,因此这些问题可能显得微不足道。
Some Windows apps use the registry and some other obscure places to store there their activation data, trial period days left, just the fact that the software has been installed on this OS. 一些Windows应用程序使用注册表和其他一些不起眼的地方来存储他们的激活数据,试用期还剩下几天,只是软件已经安装在这个操作系统上。
Are there similar places in Linux? Linux中有类似的地方吗?
If there are, how discoverable is data there given that you don't only have the root access rights, but also pretty much all the source code and can always tweak the kernel and get things by force? 如果有,那么数据是多么容易被发现,因为你不仅拥有root访问权限,而且几乎所有的源代码都可以调整内核并强制获取内容?
If there's no way to protect such data in Linux, all other things being equal, how much does it affect availability of commercial software for Linux? 如果没有办法在Linux中保护这些数据,所有其他条件相同,它对Linux商业软件的可用性有多大影响?
4 个解决方案
解决方案1
6 已采纳 2011-10-06 11:26:53
What you are saying is security by obscurity - and no, registry in Windows is not much more obscure place to store data than any deeply hidden file in Linux. 你所说的是默默无闻的安全性 - 不然,Windows中的注册表并不比Linux中任何深度隐藏的文件更难以存储数据。
That said, programs in Linux usually store their data in files beginning with a dot . 也就是说,Linux中的程序通常将数据存储在以点开头的文件中. (signifying a hidden nature of those files) in user's home directory. (在用户的主目录中表示这些文件的隐藏性质)。 Usually the places are not very much obscure, for example Qt has a class QSettings which in Windows uses system registry but in Linux the data is stored in .config/CorporationName/ProgramName.conf . 通常这些地方并不是很模糊,例如Qt有一个类QSettings ,它在Windows中使用系统注册表,但在Linux中,数据存储在.config/CorporationName/ProgramName.conf 。 Many other programs also store data in this way. 许多其他程序也以这种方式存储数据。 Being paranoic of your data you could of course employ any encryption, obsfucation scheme you like - much more obscure than the Windows registry. 对你的数据视而不见,你当然可以使用你喜欢的任何加密,阻碍方案 - 比Windows注册表更加模糊。
Is the non-availabity of Windows-style registry hindering the availability of commercial software? Windows风格的注册表是否不可用会妨碍商业软件的可用性? Even if by a small factor (but I do not believe so), there are more serious problems(/features) with the platform that make writing commercial and closed software more bothersome. 即使是一个小因素(但我不相信),平台上存在更严重的问题(/特征),这使得编写商业和封闭软件变得更加麻烦。 (but not impossible) (但并非不可能)
解决方案2
2 2011-10-06 11:22:00
Regardless of which OS you use, you should not depend on security by obfuscation. 无论您使用哪种操作系统,都不应该通过混淆来依赖安全性。 It is the easiest thing to crack. 这是最容易破解的事情。 Wherever you store your data you should encrypt it and only decrypt it at runtime for as brief a period of time as possible. 无论您在何处存储数据,都应对其进行加密,并且只能在运行时将其解密一段时间。 Better yet , if you're using user accounts that are stored on a server you control, store the data there and perform your checks during authentication/authorization. 更好的是 ,如果您使用的是存储在您控制的服务器上的用户帐户,请将数据存储在那里并在身份验证/授权期间执行检查。
解决方案3
1 2011-10-06 11:25:03
The only theoretically secure solution is IMO to obtain a network connection, and store the data as an encrypted string, and only ever decrypt it on the central server which is fully under your control. 唯一理论上安全的解决方案是IMO获取网络连接,并将数据存储为加密字符串,并且只能在完全由您控制的中央服务器上解密。 This is true of Windows just as well. Windows也是如此。
解决方案4
0 2011-10-06 11:20:24
There are several options to store secret data: 存储机密数据有多种选择:
simple encrypted files (can be done with gpg)
简单的加密文件(可以用gpg完成) encrypted container (eg with truecrypt, dm-crypt)
加密容器(例如,使用truecrypt,dm-crypt) encrypted partitions or disks (dm-crypt)
加密分区或磁盘(dm-crypt)
Not to forget, you should use an encrypted swap too. 不要忘记,您也应该使用加密交换。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.