Hash and protecting data in transit
Question
I came across the below suggestion on AWS docs regarding protecting request data in transit:
https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
> Protect data in transit
>
> To prevent tampering with a request while it's in transit, some of the request elements are used to calculate a hash (digest) of the request, and the resulting hash value is included as part of the request. When an AWS service receives the request, it uses the same information to calculate a hash and matches it against the hash value in your request. If the values don't match, AWS denies the request.
Just wondering, is it not possible for the tamperer to recalculate the hash from the changed values and replace the new hash with the original hash, so that the server is not able to see any problem with the request?
Is the hash getting created using a secret key? And the tamperer will not be able to create the new hash properly?
I am sure I am missing something here. Could someone please help?
Answer 1
Score: 2
Those signatures are comprised of a cryptographic hash and a secret cryptographic key. For example, https://en.wikipedia.org/wiki/HMAC. That is why you can't tamper with the data and re-hash.
Answer 2
Score: 1
> Is the hash getting created using a secret key?
Yes, the "hash" referred to here is actually an HMAC, and creating it requires your AWS secret access key.
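
The difference the answers describe, as an added example that is not part of the original posts or of the AWS documentation: a server checking an unkeyed SHA-256 digest accepts a modified request whose digest was recomputed, while a server checking an HMAC rejects it because the tag cannot be recomputed without the secret. The request layout, the `canonical()` helper and the key value are assumptions made for illustration; this is not the actual AWS canonicalization or signing procedure.

```python
import hashlib
import hmac

# Constructed placeholder, not a real credential.
SECRET_KEY = b"EXAMPLE-SECRET-ACCESS-KEY"

def canonical(method, path, body):
    # Hypothetical, simplified stand-in for the request elements that get signed.
    return "\n".join([method, path, hashlib.sha256(body).hexdigest()]).encode()

def plain_digest(method, path, body):
    # Unkeyed hash: anyone who can see the request can compute it.
    return hashlib.sha256(canonical(method, path, body)).hexdigest()

def sign(key, method, path, body):
    # Keyed hash (HMAC-SHA256): computing it requires the shared secret.
    return hmac.new(key, canonical(method, path, body), hashlib.sha256).hexdigest()

def server_accepts_plain(req):
    expected = plain_digest(req["method"], req["path"], req["body"])
    return hmac.compare_digest(expected, req["tag"])

def server_accepts_hmac(req, key=SECRET_KEY):
    expected = sign(key, req["method"], req["path"], req["body"])
    return hmac.compare_digest(expected, req["tag"])

def tamper(req, new_body, retag):
    # Models the in-transit change from the question: alter the body, then
    # recompute the tag with whatever the tamperer has (never SECRET_KEY).
    forged = dict(req, body=new_body)
    forged["tag"] = retag(forged["method"], forged["path"], forged["body"])
    return forged

def demo():
    body, new_body = b'{"amount": 10}', b'{"amount": 9999}'
    plain_req = {"method": "POST", "path": "/transfer", "body": body,
                 "tag": plain_digest("POST", "/transfer", body)}
    hmac_req = dict(plain_req, tag=sign(SECRET_KEY, "POST", "/transfer", body))
    guess = lambda m, p, b: sign(b"wrong-guess", m, p, b)
    return {
        "plain_original": server_accepts_plain(plain_req),
        "plain_tampered": server_accepts_plain(tamper(plain_req, new_body, plain_digest)),
        "hmac_original": server_accepts_hmac(hmac_req),
        "hmac_tampered_rehash": server_accepts_hmac(tamper(hmac_req, new_body, plain_digest)),
        "hmac_tampered_guess": server_accepts_hmac(tamper(hmac_req, new_body, guess)),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```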