Go – 二进制密码安全

huangapple go评论84阅读模式
英文:

Go - password security in binary

问题

我打算在我的Go应用程序中保存一个密码/密钥,以便与其他应用程序进行通信。我想知道如何保护它,例如防止某人获取二进制文件并在某个十六进制查看器中搜索它。这样的安全实践是否常见,还是我太过担心了?

英文:

I intend to save a password/secret key in my Go application to be used in communication with some other applications. I wonder how to secure it from for example someone obtaining the binary and searching for it in some hex viewer. Are such security practices common, or am I worrying too much?

答案1

得分: 14

简洁地说:

不要这样做!

这样做不安全,会被破解。而且,如果每个人都使用相同的密码,那么当有人的密码被破解一次时,所有人的密码都会永久被破解。

英文:

Succinctly:

Don't!

It won't be secure; it will be broken. Further, if everyone is using the same password, then when it is broken once for one person, it is broken for all time for everyone.

答案2

得分: 4

混淆数据和/或代码。这意味着将密码存储在一个相对难以搜索的形式中,如果找到其位置,密码也相对难以解密。

如果没有足够安全的混淆方法(您希望完全安全),唯一的解决方案是不以任何形式将密码放入可执行文件中。

英文:

Obfuscate the data and/or code. This means to store the password in a form that is reasonably difficult to search for, and if its location is found the password is reasonably difficult to decipher.

In case no obfuscation method is secure enough (you want full security), the only solution is not to put the password into the executable in any form.

huangapple
  • 本文由 发表于 2012年1月20日 09:30:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/8935729.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定