哈希和保护数据在传输中

huangapple go评论81阅读模式
英文:

Hash and protecting data in transit

问题

我在AWS文档中找到了关于保护传输中的请求数据的以下建议:

https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html

保护传输中的数据
为了防止在请求在传输过程中被篡改,一些请求要素用于计算请求的哈希(摘要),并且生成的哈希值作为请求的一部分包括在内。当AWS服务接收到请求时,它使用相同的信息计算哈希,并将其与请求中的哈希值进行匹配。如果这些值不匹配,AWS将拒绝该请求。

我想知道篡改者是否不能从更改后的值重新计算哈希,并将新的哈希替换为原始哈希,从而服务器无法在请求中看到任何问题?

生成哈希时是否使用了秘密密钥?篡改者将无法正确地创建新的哈希吗?

我确定我在这里漏掉了某些内容。是否有人可以帮忙解答一下。

英文:

I came across the below suggestion on AWS docs regarding protecting request data in transit:

https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html

Protect data in transit
To prevent tampering with a request while it's in transit, some of the request elements are used to calculate a hash (digest) of the request, and the resulting hash value is included as part of the request. When an AWS service receives the request, it uses the same information to calculate a hash and matches it against the hash value in your request. If the values don't match, AWS denies the request.

Just wondering is it not possible for the tamperer to recalculate the hash from the changed values and replace the new hash with the original hash, so that server is not able to see any problem with the request?

Is hash getting creating using a secret key? And tamperer will not be able to create the new hash properly?

I am sure I am missing something here. Could someone please help.

答案1

得分: 2

这些签名由密码哈希和秘密密码密钥组成。例如,https://en.wikipedia.org/wiki/HMAC。这就是为什么您无法篡改数据并重新计算哈希。

英文:

Those signatures are comprised of a cryptographic hash and a secret cryptographic key. For example https://en.wikipedia.org/wiki/HMAC. That is why you cant temper with the data and re-hash.

答案2

得分: 1

是的,“hash”在这里指的实际上是HMAC,创建它需要您的AWS秘密访问密钥。

英文:

> Is hash getting creating using a secret key?

Yes, the "hash" referred to here is actually an HMAC, and creating it requires your AWS secret access key.

huangapple
  • 本文由 发表于 2020年10月16日 15:40:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/64384879.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定