Computer Networking: A Top-Down Approach [nine] - Security

  Two weeks: overtime, weekend team building, dinner with friends, watching movies ... all sorts of things seem able to become a reason not to read. But in the end, it is just laziness.

  This time the reading is about computer security. When I first joined the project, we were just fixing security issues; it has been nearly a year now, and the security fixes are still not completely done. There are a lot fewer familiar faces around the desks, and I have gone from a newcomer to an experienced person in the eyes of others!

  Before reading this, I had already seen a lot of security items: encryption, SQL injection, using placeholders instead of concatenating values directly, the front end not being allowed to write table names or SQL statements (this one is a real pitfall; one of our predecessors had encapsulated a handy control in the front end), no sensitive information in the response to a request ...

  Let's see how this book explains "security"!

  Security has always been something we wish to have, just as we hope for financial break-even and profit. The book cites an example: Alice and Bob are two people in a secret relationship; they certainly want the communication between them to be secure.

  Necessary properties of secure communication: confidentiality (packets need to be encrypted), message integrity (the transmitted content is unaltered), endpoint identification (is the party I am communicating with really the one I want to talk to?), and operational security (firewalls).

  What an intruder can do: eavesdrop (view the packets between the two parties) and modify the messages between them.

  To deal with this problem, encryption is used. At work I handle it the same way.

  This brings us to the principles of cryptography. I know that our system currently uses symmetric encryption, which will certainly need to be changed later.

  In cryptography, the message is encrypted before it is sent, so that what travels over the network is ciphertext; the recipient decrypts it on receipt and then reads the message. This gives encrypted transmission: what is obtained in transit is ciphertext, and the valid information is found only after decryption.

  Every cryptographic algorithm rests on the idea of substituting one thing for another. However, the encryption algorithm itself is public ... which is why a key is required.

  Symmetric cryptography comes as stream ciphers and block ciphers. A block cipher processes the message in k-bit blocks and encrypts each block independently using a one-to-one mapping. The book cites several examples of symmetric encryption functions; the one we use in the project is AES!

  Then comes RSA, with a bunch of formulas; anyway, it is enough to know that it is a standard encryption algorithm.

  Ensuring message integrity requires digital signatures and endpoint identification.

  The recipient needs to know that the message really did originate from the sender and that it was not changed in transit.

  Cryptographic hash function: the hash value is effectively unique to the message, so an intruder cannot substitute a different message.

  Message authentication code: a hash generated from a shared key together with the message. (Isn't that just a hash code? We have this kind of verification when exchanging contracts with you: the archive's hash code is obtained, each side computes it with the key and compares the hash codes, which ensures that the content emailed over is the one our side sent.)
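  The difference between a bare hash and a message authentication code, as an added example that is not from the original post or the book. It uses HMAC-SHA256 as the keyed hash (an assumption; the post names no construction), and the key, contract text and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the shared key and contract text are made up.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
CONTRACT = b"Contract 42: party A pays party B 1,000 on delivery."
TAMPERED = b"Contract 42: party A pays party B 9,000 on delivery."


def plain_digest(message: bytes) -> str:
    """Unkeyed hash: anyone who can change the message can recompute it."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(key: bytes, message: bytes) -> str:
    """Keyed hash (HMAC-SHA256) over the message."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_plain(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so the comparison itself
    # does not leak how many leading characters of the tag matched.
    return hmac.compare_digest(mac_tag(key, message), tag)


def run_demo() -> dict:
    """Receiver's verdict on each (message, check value) pair it may be handed."""
    sender_tag = mac_tag(SHARED_KEY, CONTRACT)
    return {
        # Genuine message with the sender's tag.
        "genuine_mac": verify_mac(SHARED_KEY, CONTRACT, sender_tag),
        # Message altered in transit, original tag left in place.
        "tampered_old_tag": verify_mac(SHARED_KEY, TAMPERED, sender_tag),
        # Altered message, tag computed under a key that is not the shared one.
        "tampered_wrong_key": verify_mac(
            SHARED_KEY, TAMPERED, mac_tag(b"not-the-shared-key", TAMPERED)),
        # Altered message with a recomputed unkeyed hash: the check passes.
        "tampered_plain_hash": verify_plain(TAMPERED, plain_digest(TAMPERED)),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case:20} accepted={accepted}")
```

  Only the last case is accepted after tampering, which is why the check value has to depend on the shared key and not on the message alone.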

  Digital signatures: isn't that just a non-repeating string? It is still the concept of public and private keys.

  Endpoint identification: in the human world there are many ways to identify a person, but it is not the same in the computer world. In simple terms, a token value should be generated and sent to the recipient to prove that I am me.

  

  

  

 


Origin www.cnblogs.com/weixin-tt/p/11258321.html