My security knowledge is kind of limited but I might learn something.
I´m planning to create an ajax application where I encrypt/decrypt passwords client-side with a typed master password using a javascript AES library and then send/retrieve the encrypted data to/from Google App Engine(user authenticated).
I actually found a project with the same idea: http://code.google.com/p/safety-vault/
我的安全知识有限,但我可能会学到一些东西。我打算创建一个ajax应用程序,我使用javascript AES库使用键入的主密码对客户端密码进行加密/解密,然后向/从Google App Engine发送/检索加密数据(用户通过身份验证)。我实际上发现了一个具有相同想法的项目:http://code.google.com/p/safety-vault/
In my mind as long as I keep my local computer secure (keyloggers) this should be quite secure or am I missing something?
在我看来,只要我保证本地计算机安全(键盘记录器),这应该是非常安全的,还是我错过了什么?
3 个解决方案
#1
1
As long as you use SSL for the webapp, this should be fine. Without SSL, an attacker could modify the page to insert some Javascript that sends them your password when you type it.
只要您为webapp使用SSL,这应该没问题。如果没有SSL,攻击者可以修改页面以插入一些Javascript,在您键入密码时会向他们发送密码。
You might want to reconsider your threat model, though. Do you trust the server? If not, you shouldn't trust it to not send you a page that captures your master password when you enter it. If you do, you shouldn't have any qualms in sending your master password to the server.
但是,您可能希望重新考虑您的威胁模型。你相信服务器吗?如果没有,您不应该相信它在您输入时不会向您发送捕获主密码的页面。如果这样做,您不应该有任何疑虑将主密码发送到服务器。
#2
0
There is a problem here, as I assume at some point you're going to have to send your master password to the browser client? If you have the master password, then you can decrypt the stream you send...
这里有一个问题,因为我认为在某些时候你必须将你的主密码发送到浏览器客户端?如果您有主密码,那么您可以解密您发送的流...
Use HTTPS, it's what it was designed for.
使用HTTPS,它就是它的设计目标。
#3
0
You effectively are trusting Google App Engine employees, and transitively, the entire trust chain behind them, to not steal your passwords. Encrypting client side doesn't mean anything if you are executing JavaScript code the server sends you, furthermore if you have no HTTPS implemented properly, it's trivial for someone to do a man in the middle attack and steal your passwords as they are transmitted. Just store the passwords locally or encrypt them with a well known tool like GPG and upload them.
您实际上是信任Google App Engine员工,并且传统上信任他们背后的整个信任链,以免窃取您的密码。如果您正在执行服务器发送给您的JavaScript代码,加密客户端并不意味着什么,此外,如果您没有正确实施HTTPS,那么在中间攻击中做某人并在传输时窃取您的密码是微不足道的。只需在本地存储密码或使用GPG等众所周知的工具加密它们并上传它们。
#1
1
As long as you use SSL for the webapp, this should be fine. Without SSL, an attacker could modify the page to insert some Javascript that sends them your password when you type it.
只要您为webapp使用SSL,这应该没问题。如果没有SSL,攻击者可以修改页面以插入一些Javascript,在您键入密码时会向他们发送密码。
You might want to reconsider your threat model, though. Do you trust the server? If not, you shouldn't trust it to not send you a page that captures your master password when you enter it. If you do, you shouldn't have any qualms in sending your master password to the server.
但是,您可能希望重新考虑您的威胁模型。你相信服务器吗?如果没有,您不应该相信它在您输入时不会向您发送捕获主密码的页面。如果这样做,您不应该有任何疑虑将主密码发送到服务器。
#2
0
There is a problem here, as I assume at some point you're going to have to send your master password to the browser client? If you have the master password, then you can decrypt the stream you send...
这里有一个问题,因为我认为在某些时候你必须将你的主密码发送到浏览器客户端?如果您有主密码,那么您可以解密您发送的流...
Use HTTPS, it's what it was designed for.
使用HTTPS,它就是它的设计目标。
#3
0
You effectively are trusting Google App Engine employees, and transitively, the entire trust chain behind them, to not steal your passwords. Encrypting client side doesn't mean anything if you are executing JavaScript code the server sends you, furthermore if you have no HTTPS implemented properly, it's trivial for someone to do a man in the middle attack and steal your passwords as they are transmitted. Just store the passwords locally or encrypt them with a well known tool like GPG and upload them.
您实际上是信任Google App Engine员工,并且传统上信任他们背后的整个信任链,以免窃取您的密码。如果您正在执行服务器发送给您的JavaScript代码,加密客户端并不意味着什么,此外,如果您没有正确实施HTTPS,那么在中间攻击中做某人并在传输时窃取您的密码是微不足道的。只需在本地存储密码或使用GPG等众所周知的工具加密它们并上传它们。