http://www.cnblogs.com/charlesblc/p/6341265.html (one of the articles)
Reference:
https://zhuanlan.zhihu.com/p/20336461?refer=auxten
Network Programming (IV): What security issues should be considered when implementing a TCP socket server on the Internet?
In an Internet environment, I divide security issues into the following main categories:
- Hackers steal information during transmission
- Security of the server itself
- Security of server-side data
First, if you can use HTTPS, use HTTPS wherever possible, and use Nginx or another common server. Using a common server mainly avoids the following problems:
- A self-implemented protocol and server may have various bugs, be open to buffer overflow attacks, etc.
- SSL encryption system is mature enough for monitoring and trustworthy
If you need to implement the server side yourself, implementing an acceptable SSL layer is a real test of your fundamentals:
- First, understand the principle of key exchange in the SSL encryption system
- Understand symmetric and asymmetric cryptographic algorithms in depth
- Know how to implement a key exchange system with an asymmetric encryption algorithm
- Know how to handle CA certificates and how to avoid man-in-the-middle attacks in self-signed situations
During implementation of the project, we should consider:
- The various possible buffer overflow attacks
- SYN flood attacks and slow connection attacks
- DDoS is hard to defend against, but the server should at least be able to withstand DoS attacks.
At the business logic level, consider:
- User and permission verification for each interface
- Whether the interface can be abused by someone, e.g. through replay attacks
- Whether an attacker can find an interface that consumes server-side resources and exhaust the server at very small cost
- Whether users' usernames and passwords can be cracked through the interface; see: Celebrity photo hack
- Whether your service can be exploited by attackers to attack other services, especially services that fetch resources according to user input
- The age-old SQL injection
- Shameless phishing services, DNS spoofing
- If HTML is involved, also consider cross-site ...
Even if you do everything flawlessly, consider that your teammates sometimes drop the ball:
- Underlying libraries such as GLIBC and OpenSSL can also be exploited; see: Heartbleed
- Other services on the same host may be compromised
After writing all this, I am not feeling so good.
On encryption and decryption algorithms, see: "Encryption and Decryption (encryption) & Hashing (hash) Algorithms: Getting Started" in the "Programming for Payroll" Zhihu column
First, the difference between encryption algorithms and hash algorithms
- Information theory angle:
  - Encryption is reversible and does not change the information entropy
  - Hashing is irreversible and generally reduces the information entropy
- Application angle:
  - Encryption is commonly used for key-based data encryption (AES, RSA, ECC)
  - Hashing is mainly used for digital signatures and data verification (CRC, SHA, MD5)
- Layman's angle:
  - Encryption is a safe with a password
  - A hash is a juicer: there is no going back
Second, encryption and decryption algorithms fall into two major categories: symmetric and asymmetric
- Symmetric encryption
  - There are many symmetric encryption algorithms; for general use, AES is basically enough.
- Asymmetric encryption
  - In an asymmetric encryption algorithm, the keys for encryption and decryption are split into two, and one cannot be substituted for the other. It is hard to find a real-world analogy for this kind of algorithm. Roughly, an algorithm generates a key pair K1, K2; ciphertext encrypted with K1 can only be decrypted with K2, and vice versa.

In terms of underlying principle, there are two commonly used types of asymmetric cryptographic algorithm:
- Algorithms based on factorization
  - RSA and DSA are the representatives of this kind of algorithm; SSH on Linux uses these two algorithms for key-file authentication. A few years ago, a minimum key length of 1024 bits was generally recommended for RSA to protect against brute force, but because of the increased computing power of GPUs and supercomputers, a key length of 2048 bits is now recommended.
- Elliptic curve algorithms (ECC)

Asymmetric encryption is cool, but it has a fatal disadvantage: it is slow. RSA encryption runs at approximately 1/30 of the speed of AES, so we cannot use this kind of algorithm on every occasion. That is why our programmer predecessors created encryption systems such as SSL and TLS:
Third, encryption systems
The predecessor of TLS is SSL; HTTP + TLS = HTTPS.
Once the client and the server have agreed to use the TLS protocol, they negotiate a stateful connection for transferring data by using a handshake process [1]. During the handshake, the client and server agree on the various parameters used to establish the secure connection:
1. The handshake begins when a client connects to a server that supports the TLS protocol, requests a secure connection, and lists the cipher combinations it supports (encryption algorithms and cryptographic hash functions).
2. The server picks the encryption and hash functions from this list and notifies the client.
3. The server sends back its digital certificate, which typically contains the name of the server, the trusted certification authority (CA), and the public key of the server.
4. The client confirms the validity of the issued certificate.
5. To generate a session key for the secure connection, the client encrypts a randomly generated key using the server's public key and sends it to the server; only the server can decrypt it, with its own private key.
6. Using the random numbers, both sides generate the symmetric keys used for encryption and decryption.

This is the handshake of the TLS protocol, and the connection after the handshake is secure until the connection is closed. If any one of these steps fails, the TLS handshake fails and all connections are disconnected.
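Steps 5 and 6 of the handshake above, played for both sides, as an added example that is not part of the original article: the names `NewServerKey`, `ClientSend`, `ServerReceive` and `SessionKey` are hypothetical, RSA-OAEP and an HMAC-SHA256 derivation stand in for the real TLS encoding and key schedule, and the two random values in `main` are constructed constants. This RSA key transport is the style used up to TLS 1.2; TLS 1.3 removed it in favour of ephemeral Diffie-Hellman.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewServerKey makes the server's key pair; its public half is what the certificate (step 3) carries.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// ClientSend is step 5, client side: a random secret encrypted to the server's public key.
func ClientSend(pub *rsa.PublicKey) (secret, wire []byte, err error) {
	secret = make([]byte, 48)
	if _, err = rand.Read(secret); err != nil {
		return nil, nil, fmt.Errorf("reading randomness: %w", err)
	}
	wire, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	return secret, wire, err
}

// ServerReceive is step 5, server side: only the private-key holder recovers the secret.
func ServerReceive(priv *rsa.PrivateKey, wire []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wire, nil)
}

// SessionKey is step 6: mix the secret with both randoms (HMAC-SHA256 stands in for the TLS key schedule).
func SessionKey(secret, clientRandom, serverRandom []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(clientRandom)
	mac.Write(serverRandom)
	return mac.Sum(nil) // 32 bytes, sized for AES-256
}

func main() {
	server, err := NewServerKey()
	if err != nil {
		panic(err)
	}
	cr, sr := []byte("constructed client random"), []byte("constructed server random") // sent in the clear
	secret, wire, err := ClientSend(&server.PublicKey)
	if err != nil {
		panic(err)
	}
	recovered, err := ServerReceive(server, wire)
	fmt.Println("keys match:", hmac.Equal(SessionKey(secret, cr, sr), SessionKey(recovered, cr, sr)), "err:", err)
}
```

A party that holds a different private key gets a decryption error from `ServerReceive`, which is why step 4 (checking that the public key really belongs to the server) carries the whole exchange.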
Fifth, the importance of salt
As mentioned previously in this article, if you simply encrypt a file block by block, even the most robust algorithm leaves a very obvious hole. I will not repeat it here; see: "Given the known encryption algorithm AES, the plaintext 123 and the resulting ciphertext xxx, can the key be derived directly from the ciphertext, the encryption algorithm and the plaintext 123?" (Auxten's answer)
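The block-by-block weakness mentioned above, shown with real AES as an added example that is not from the original article: `Encrypt`, `RepeatedBlocks`, the demo key and the sample record are constructed for illustration. Go's standard library ships no ECB mode, so the loop calls the block cipher on each 16-byte block directly; the chained variant is CBC under a fresh random IV, the per-message randomness this section refers to as salt.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Constructed inputs: a throwaway demo key and one 16-byte record repeated four times.
var demoKey, sample = []byte("0123456789abcdef"), bytes.Repeat([]byte("amount=00001000;"), 4)

// Encrypt runs AES on each block separately (ECB behaviour) or, if chained, in CBC with a random IV.
func Encrypt(key, msg []byte, chained bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(msg)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("need a valid AES key (err: %v) and a message that is a multiple of %d bytes", err, aes.BlockSize)
	}
	if !chained {
		out := make([]byte, len(msg))
		for i := 0; i < len(msg); i += aes.BlockSize {
			block.Encrypt(out[i:i+aes.BlockSize], msg[i:i+aes.BlockSize])
		}
		return out, nil // no IV: equal plaintext blocks give equal ciphertext blocks
	}
	out := make([]byte, aes.BlockSize+len(msg)) // IV || ciphertext
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], msg)
	return out, nil
}

// RepeatedBlocks returns how many ciphertext blocks duplicate another block.
func RepeatedBlocks(ct []byte) int {
	seen := map[string]bool{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])] = true
	}
	return len(ct)/aes.BlockSize - len(seen)
}

func main() {
	ecb, _ := Encrypt(demoKey, sample, false)
	cbc, _ := Encrypt(demoKey, sample, true)
	fmt.Println("repeated blocks, block by block:", RepeatedBlocks(ecb), "| with random IV:", RepeatedBlocks(cbc))
}
```

CBC on its own gives no integrity protection; an authenticated mode such as AES-GCM is the usual choice in new designs.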
About the selection of hash functions:
At work I have found that many people's understanding of hash functions is limited to MD5. For example, when sharding database tables, you may need to hash the hostname and then take the modulus; using MD5 here wastes too much CPU. Be aware that MD5 averages 6.8 operations per byte.
If you only need the scattering property of a hash, you can use a lighter hashing algorithm.