在提交之前用javascript加密密码是否有意义?
[英]does it make sense to encrypt a password in javascript before submit?
问题描述
I'm following the example on http://marakana.com/blog/examples/php-implementing-secure-login-with-php-javascript-and-sessions-without-ssl.html 
我在http://marakana.com/blog/examples/php-implementing-secure-login-with-php-javascript-and-sessions-without-ssl.html上关注这个例子
The thing I don't fully understand is what is the gain by doing this? 我不完全明白的是这样做有什么好处? The secret word is posted in the form, so anyone who might be sniffing would surely see that secret word, as well as the javascript and be able to figure out the password anyways. 秘密的单词张贴在表单中,所以任何可能正在嗅探的人肯定会看到这个秘密单词,以及javascript,并且无论如何都能找出密码。 Does it really make sense to do this? 这样做真的有意义吗?
1 个解决方案
解决方案1
5 已采纳 2011-10-19 16:30:15
An eavesdropper would not be able to derive the password, because they only know: 窃听者无法获取密码,因为他们只知道:
- the secret word 秘密的话
- the hash of the secret word/password combination 秘密字/密码组合的哈希值
Since hashes are one-way, you cannot derive the password itself from these. 由于哈希是单向的,因此您无法从这些哈希中获取密码。
What you gain : The user has set up a password which the server is able to verify, without having to send the plaintext password itself. 您获得的 :用户设置了服务器能够验证的密码,而无需自行发送明文密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.