{"id":255416,"date":"2016-02-04T08:20:30","date_gmt":"2016-02-04T00:20:30","guid":{"rendered":"http:\/\/blog.zhenglei.net\/?p=255416"},"modified":"2016-02-04T08:20:30","modified_gmt":"2016-02-04T00:20:30","slug":"%e7%8e%b0%e4%bb%a3%e5%af%86%e7%a0%81%e5%ad%a6%e5%ae%9e%e8%b7%b5%e6%8c%87%e5%8d%972015%e5%b9%b4","status":"publish","type":"post","link":"https:\/\/blog.zhenglei.net\/?p=255416","title":{"rendered":"A Practical Guide to Modern Cryptography [2015]"},"content":{"rendered":"<p><a href=\"http:\/\/www.2cto.com\/Article\/201509\/442154.html\">http:\/\/www.2cto.com\/Article\/201509\/442154.html<\/a><\/p>\n<dl class=\"box_INFO\">\n<dd class=\"frinfo line_blue\">2015-09-11 Source: Tech Ideas<\/dd>\n<\/dl>\n<dl id=\"fontzoom\" class=\"box_body\">\n<dd id=\"Article\">\n<div>The sections below list, by category, the modern cryptographic algorithms you should use in each applicable scenario.<\/div>\n<div><\/div>\n<div>1. 
Encrypting data:<\/div>\n<div><\/div>\n<div>In order of preference, choose:<\/div>\n<div><\/div>\n<div>(1) First choice: the NaCl library or the libsodium library, using their crypto_secretbox()\/crypto_secretbox_open() functions<\/div>\n<div>(2) The ChaCha20-Poly1305 algorithm<\/div>\n<div>(3) The AES-GCM algorithm<\/div>\n<div><\/div>\n<div>Use case: when you need to avoid sending plaintext data over the network.<\/div>\n<div><\/div>\n<div>All three of the above are AEAD algorithms, and AEAD is the best choice in 2015. (2) and (3) are structurally similar: a cipher operating in a stream mode, paired with a polynomial MAC. (2) is a stream cipher paired with a MAC optimized for general-purpose CPUs; for implementers of cryptographic libraries, Poly1305 is also easier than GCM to implement securely. AES-GCM is the industry standard (it is what TLS mainly uses today), and modern CPUs usually have hardware instructions designed specifically for AES-GCM, but on CPUs without that hardware support (such as 32-bit ARM), (3) performs worse than (2).<\/div>\n<div><\/div>\n<div>In addition, you should:<\/div>\n<div><\/div>\n<div>Avoid AES-CBC (a long story, explained later)<\/div>\n<div>Avoid AES-CTR<\/div>\n<div>Avoid block ciphers with a 64-bit block size (yes, that means you, Blowfish)<\/div>\n<div>Avoid OFB mode<\/div>\n<div>Do not use RC4; RC4 has been broken<\/div>\n<div>2. Symmetric key length:<\/div>\n<div><\/div>\n<div>Use 256-bit keys.<\/div>\n<div><\/div>\n<div>Use case: whenever you use cryptography, you should pay attention to symmetric key length.<\/div>\n<div><\/div>\n<div>Remember: do not confuse the key length of symmetric encryption (such as AES) with the key length of asymmetric encryption (such as RSA); symmetric keys are usually much shorter than asymmetric keys.<\/div>\n<div><\/div>\n<div>The table below compares the key lengths of different algorithms at the same security level, in bits.<\/div>\n<div><\/div>\n<table>\n<tr><th>Symmetric<\/th><th>ECC<\/th><th>DH\/DSA\/RSA<\/th><\/tr>\n<tr><td>80<\/td><td>163<\/td><td>1024<\/td><\/tr>\n<tr><td>112<\/td><td>233<\/td><td>2048<\/td><\/tr>\n<tr><td>128<\/td><td>283<\/td><td>3072<\/td><\/tr>\n<tr><td>192<\/td><td>409<\/td><td>7680<\/td><\/tr>\n<tr><td>256<\/td><td>571<\/td><td>15360<\/td><\/tr>\n<\/table>\n<div>In addition, you should:<\/div>\n<div><\/div>\n<div>Avoid algorithms with huge keys (using keys far larger than 256 bits only shows that the user has no grasp of security)<\/div>\n<div>Avoid cascading multiple encryption algorithms; it does no good at all<\/div>\n<div>Avoid key lengths below 128 bits (for example, please, friend, stop bringing up antiques like DES with its 56-bit key)<\/div>\n<div>3. Symmetric signatures:<\/div>\n<div><\/div>\n<div>Choose an HMAC-type algorithm.<\/div>\n<div><\/div>\n<div>Use case: hardening an API, such as authenticating the callers of various open APIs.<\/div>\n<div><\/div>\n<div>If you need to authenticate an API but do not need to encrypt it, never invent your own algorithm; a MAC algorithm you invent yourself will almost certainly have security vulnerabilities. If you do not believe it, Google \u201clength extension attack\u201d. Length extension attack; 
the Flickr vulnerability case<\/div>\n<div><\/div>\n<div>You must also make sure to use a constant-time string comparison algorithm (this runs completely counter to a programmer's usual instincts, so take note).<\/div>\n<div><\/div>\n<div>In addition, you should:<\/div>\n<div><\/div>\n<div>Avoid home-made \u201ckeyed hash\u201d constructions; your design will almost certainly have security vulnerabilities<\/div>\n<div>Avoid HMAC-MD5 and HMAC-SHA1; use HMAC-SHA256, HMAC-SHA512, etc.<\/div>\n<div>Avoid complex polynomial MACs<\/div>\n<div>Avoid constructions that encrypt a hash value<\/div>\n<div>Avoid CRC<\/div>\n<div>4. Hashing\/HMAC algorithms<\/div>\n<div><\/div>\n<div>Choose an algorithm from the SHA-2 family: SHA-256, SHA-384, SHA-512, SHA-512\/256<\/div>\n<div><\/div>\n<div>Prefer SHA-512\/256, which truncates the 512-bit output of SHA-512 to 256 bits and thereby avoids length extension attacks. SHA-2 is currently secure and reliable; you do not need to upgrade to SHA-3.<\/div>\n<div><\/div>\n<div>In addition, you should:<\/div>\n<div><\/div>\n<div>Avoid SHA-1<\/div>\n<div>Avoid MD5<\/div>\n<div>Avoid MD6<\/div>\n<div>5. 
Random IDs<\/div>\n<div><\/div>\n<div>Use 256-bit random values.<\/div>\n<div><\/div>\n<div>Always use \/dev\/urandom; accept no substitute.<\/div>\n<div><\/div>\n<div>In addition, you should:<\/div>\n<div><\/div>\n<div>Avoid userspace random number generators such as haveged, prngd, egd, etc.<\/div>\n<div>Avoid \/dev\/random<\/div>\n<div>6. Password handling<\/div>\n<div><\/div>\n<div>In order of preference, choose:<\/div>\n<div><\/div>\n<div>scrypt<\/div>\n<div>bcrypt<\/div>\n<div>If neither of the two is available, use PBKDF2<\/div>\n<div>In addition, you should:<\/div>\n<div><\/div>\n<div>Avoid using SHA-2 directly<\/div>\n<div>Avoid using SHA-1 directly<\/div>\n<div>Avoid using MD5 directly<\/div>\n<div>7. Asymmetric encryption<\/div>\n<div><\/div>\n<div>Use the NaCl library.<\/div>\n<div><\/div>\n<div>Use case: when you need to encrypt a message for a stranger who receives it asynchronously and decrypts it offline. This is a very narrow use case; the usage has a name, the electronic envelope (digital 
envelope); a typical example is encrypting a file with gpg before sending it.<\/div>\n<div><\/div>\n<div>Of all the items here, this is the hardest to get right. Do not use low-level cryptographic libraries such as OpenSSL or BouncyCastle.<\/div>\n<div><\/div>\n<div>You should stop using RSA and switch to elliptic-curve schemes, for these reasons:<\/div>\n<div><\/div>\n<div>Progress in the ability to attack RSA: multiplicative operations defined over conventional prime fields (used by DH, DSA, ElGamal and others) are much faster than multiplicative operations over elliptic-curve fields. This is due to advances in the number field sieve (NFS) over prime fields, whereas no NFS-like algorithm exists for elliptic-curve fields.<\/div>\n<div>RSA (and DH) force you to consider \u201cbackward compatibility\u201d, whereas elliptic-curve schemes carry no such compatibility baggage. Part of the reason for several recent TLS security vulnerabilities is this backward compatibility, which keeps obsolete, already-broken algorithms around.<\/div>\n<div>In typical scenarios RSA is used to encrypt directly with the public key, and this usage loses forward secrecy (Perfect Forward 
Secrecy). Elliptic curves neither encourage this usage nor make it easy, so you will not end up hurting yourself.<\/div>\n<div>With elliptic-curve schemes, the burden of ensuring correctness and security falls mainly on cryptographers, who provide a set of curve parameters optimized for security and performance at a given performance level. This makes it hard for programmers to misuse them and hurt themselves. With RSA it is exactly the opposite: programmers must supply the parameters that ensure correctness and security. Even with a good design such as RSA-OAEP, programmers have to know how to supply the parameters, so it is easy for them to get it wrong.<\/div>\n<div>If you must use RSA, be sure to use RSA-OAEP with SHA256 and the exponent 65537.<\/div>\n<div><\/div>\n<div>Avoid RSA-PKCS1v15<\/div>\n<div>Avoid ElGamal<\/div>\n<div>Avoid RSA<\/div>\n<div>8. 
Asymmetric signatures<\/div>\n<div><\/div>\n<div>Use NaCl, Ed25519, or RFC6979.<\/div>\n<div><\/div>\n<div>Use case: if you are designing a new Bitcoin, or a system for signing Ruby Gems or Vagrant images, or a digital rights management (DRM) system in which a series of files must be authenticated offline; or if you are designing an encrypted message transport layer.<\/div>\n<div><\/div>\n<div>Everything in the previous item applies here as well.<\/div>\n<div><\/div>\n<div>In 10+ years of doing paid software security assessments, I have only a handful of times come across users of RSA-PSS; RSA-PSS is an algorithm recommended by academia.<\/div>\n<div><\/div>\n<div>Over the past 10 years, the main applications of asymmetric signatures have been Bitcoin and forward-secure key agreement (ECDHE in the TLS protocol). The principal algorithms there are all based on elliptic curves. Be wary of newly appearing systems that use RSA signatures; they very likely have problems.<\/div>\n<div><\/div>\n<div>In the past few years the industry has been moving away from traditional DSA signatures toward deterministic signature schemes that are hard to misuse, of which EdDSA (not to be confused with ECDSA!) and RFC6979 are the best examples. This trend was driven mainly by the 2010 compromise of the Sony PlayStation 3 ECDSA private key: Sony's programmers mistakenly reused a random number for ECDSA signatures, creating a vulnerability that let attackers compute the private key directly. Deterministic signature schemes are designed not to depend on a random number generator and so avoid this class of misuse entirely. You should therefore prefer deterministic signature schemes.<\/div>\n<div><\/div>\n<div>Avoid RSA-PKCS1v15, RSA, ECDSA, and DSA<\/div>\n<div>In particular, avoid conventional DSA and ECDSA<\/div>\n<div>9. 
Diffie-Hellman key exchange<\/div>\n<div><\/div>\n<div>Use NaCl, Curve25519, or DH-2048.<\/div>\n<div><\/div>\n<div>Use case: if you are designing an encrypted message transport system and cannot use a fixed symmetric key.<\/div>\n<div><\/div>\n<div>This is a tricky one; the main considerations are:<\/div>\n<div><\/div>\n<div>If you can use the NaCl library, use it. You do not even need to care what NaCl is.<\/div>\n<div>If you can use a trustworthy third-party library, use Curve25519. It is a modern ECDH curve with plenty of open-source code, highly optimized performance, and thorough security analysis. Curve25519 is also about to enter the TLS 1.3 standard.<\/div>\n<div>But never implement Curve25519 yourself, and never port the Curve25519 C code yourself.<\/div>\n<div>If you cannot use a third-party ECDH library but can use a DH library, use DH-2048 with a standard 2048-bit group.<\/div>\n<div>But do not use conventional DH if you need to negotiate DH parameters or interoperate with other implementations.<\/div>\n<div>If you must do handshake negotiation or interoperate with legacy software, consider NIST P-256; NIST P-256 has broad software support.<\/div>\n<div>Hard-coded DH-2048 parameters are safer than NIST P-256. NIST P-256 is safer than negotiated DH.<\/div>\n<div>However, because implementing NIST P-256 has some pitfalls, be careful to choose a trustworthy, widely used third-party library.<\/div>\n<div>P-256 is probably the safest of the NIST curves; do not use P-224.<\/div>\n<div>DH (key agreement) really is hard to use, but it is important.<\/div>\n<div><\/div>\n<div>Avoid conventional DH, SRP, and J-PAKE handshakes and negotiation<\/div>\n<div>Avoid any key agreement scheme that uses only a block cipher and srand(time()) (it is bound to be vulnerable)<\/div>\n<div>10. Website security<\/div>\n<div><\/div>\n<div>Use OpenSSL, or Google's BoringSSL, or simply use AWS ELB.<\/div>\n<div><\/div>\n<div>Website security here means making the site support HTTPS. If you cannot hand this task to Amazon's cloud services and leave the hard problem to Amazon, OpenSSL is still the right choice for now.<\/div>\n<div><\/div>\n<div>Avoid uncommon TLS libraries such as PolarSSL, GnuTLS, MatrixSSL, etc.<\/div>\n<div>11. 
Security of client-server applications:<\/div>\n<div><\/div>\n<div>Use TLS.<\/div>\n<div><\/div>\n<div>Use case: if you think you understood the earlier discussion of public-key encryption...<\/div>\n<div><\/div>\n<div>Typically, 1 to 18 months after you design your own RSA protocol, you will discover that you made some mistake that leaves your protocol with no security at all. Take Salt Stack: its protocol used an RSA public key with e=1...<\/div>\n<div><\/div>\n<div>Granted, TLS has the following dark history:<\/div>\n<div><\/div>\n<div>The Logjam DH negotiation attack<\/div>\n<div>The FREAK export cipher attack<\/div>\n<div>The POODLE CBC oracle attack<\/div>\n<div>The RC4 fiasco<\/div>\n<div>The CRIME compression attack<\/div>\n<div>The Lucky13 CBC padding oracle timing attack<\/div>\n<div>The BEAST CBC chained IV attack<\/div>\n<div>Heartbleed<\/div>\n<div>Renegotiation<\/div>\n<div>Triple Handshakes<\/div>\n<div>Compromised CAs<\/div>\n<div>Nevertheless, you should still use TLS as your transport protocol, because:<\/div>\n<div><\/div>\n<div>Most of these vulnerabilities apply only to browsers, because they depend on the victim executing attacker-controlled JavaScript that generates repeated plaintexts or specific plaintexts.<\/div>\n<div>The impact of most of these vulnerabilities can be mitigated simply by hard-coding TLS v1.2, ECDHE, and AES-GCM in your code and configuration. That sounds tricky, but it is far less tricky than designing your own transport protocol using ECDHE and AES-GCM.<\/div>\n<div>In a custom transport protocol scenario you do not need to depend on CAs; you can use a self-signed certificate embedded in your client.<\/div>\n<div><\/div>\n<div>Do not design your own encrypted transport protocol; it is an extremely difficult and error-prone engineering problem.<\/div>\n<div><\/div>\n<div>Use TLS, but do not use the default configuration.<\/div>\n<div>12. Online backups<\/div>\n<div><\/div>\n<div>Use Tarsnap.<\/div>\n<div><\/div>\n<div>Glossary<\/div>\n<div><\/div>\n<div>The material in this article is fairly new and there is very little related material in Chinese, so some of the terms may be unfamiliar to readers. byron therefore introduces some of the terms mentioned in the article here:<\/div>\n<div><\/div>\n<div>1. 
The NaCl library:<\/div>\n<div><\/div>\n<div>http:\/\/nacl.cr.yp.to\/ is a cryptographic library designed by Professor Daniel J. Bernstein, a leading academic authority on cryptography, first published in 2008. NaCl features a simple, easy-to-use API, high performance, and high security. It is used mainly for network communication, encryption, decryption, signatures, and so on, and provides the core functionality for building higher-level cryptographic tools.<\/div>\n<div><\/div>\n<div>2. The libsodium library:<\/div>\n<div><\/div>\n<div>https:\/\/download.libsodium.org\/doc\/ libsodium is a fork of the NaCl library that further improves API usability and portability.<\/div>\n<div><\/div>\n<div>3. AEAD:<\/div>\n<div><\/div>\n<div>https:\/\/www.imperialviolet.org\/2014\/02\/27\/tlssymmetriccrypto.html The AEAD concept: in typical cryptographic applications, confidentiality is achieved with encryption and message authentication is achieved with a MAC. The ways these two algorithms are combined have caused many security vulnerabilities. Historically there were three approaches: 1. 
Encrypt-and-MAC 2. MAC-then-Encrypt 3. Encrypt-then-MAC. It was later found that both 1 and 2 have security problems, so from 2008 onward the idea of \u201cone algorithm that implements cipher+MAC internally\u201d was gradually put forward, called AEAD (Authenticated encryption with additional data). Under the AEAD concept, cipher+MAC is replaced by a single AEAD algorithm. http:\/\/en.wikipedia.org\/wiki\/Authenticated_encryption<\/div>\n<div><\/div>\n<div>4. ChaCha20-Poly1305<\/div>\n<div><\/div>\n<div>ChaCha20-Poly1305 is an AEAD proposed by Professor Daniel J. Bernstein and optimized for the mobile Internet; Google currently uses ChaCha20-Poly1305 for all traffic to mobile clients.<\/div>\n<div><\/div>\n<div>5. AES-GCM<\/div>\n<div><\/div>\n<div>AES-GCM is an AEAD and currently the workhorse algorithm of TLS; most HTTPS traffic on the Internet relies on AES-GCM.<\/div>\n<div><\/div>\n<div>6. Performance comparison of AES-GCM and ChaCha20-Poly1305:<\/div>\n<div><\/div>\n<table>\n<tr><th>Chip<\/th><th>AES-128-GCM speed<\/th><th>ChaCha20-Poly1305 speed<\/th><\/tr>\n<tr><td>OMAP 4460<\/td><td>24.1 MB\/s<\/td><td>75.3 MB\/s<\/td><\/tr>\n<tr><td>Snapdragon S4 Pro<\/td><td>41.5 MB\/s<\/td><td>130.9 MB\/s<\/td><\/tr>\n<tr><td>Sandy Bridge Xeon (AESNI)<\/td><td>900 MB\/s<\/td><td>500 MB\/s<\/td><\/tr>\n<\/table>\n<div>7. 
AES-CBC<\/div>\n<div><\/div>\n<div>About AES-CBC: before AES-GCM became popular, TLS relied mainly on AES-CBC. For historical reasons, TLS was designed from the start with a fixed MAC-then-Encrypt structure, and the combination of AES-CBC with MAC-then-Encrypt created favorable conditions for chosen-ciphertext attacks (CCA). Several vulnerabilities in the history of TLS are related to CBC mode:<\/div>\n<div><\/div>\n<div>The POODLE CBC oracle attack: references: 1. an analysis of POODLE 2. OpenSSL's analysis 3. an article from WooYun<\/div>\n<div>The CRIME compression attack:<\/div>\n<div>The Lucky13 CBC padding oracle timing attack:<\/div>\n<div>The BEAST CBC chained IV attack:<\/div>\n<div>8. SHA2<\/div>\n<div><\/div>\n<div>http:\/\/en.wikipedia.org\/wiki\/SHA-2<\/div>\n<div><\/div>\n<div>9. Curve25519<\/div>\n<div><\/div>\n<div>http:\/\/cr.yp.to\/ecdh.html Curve25519 is the current state-of-the-art Diffie-Hellman function, suitable for a wide range of scenarios, and was designed by Professor Daniel J. Bernstein. Because the design process of NIST P-256 was not transparent and it has parameters of unexplained origin, it is widely suspected of containing a backdoor, and so Curve25519 was designed. The design process of Curve25519 is fully public, with no parameters of unexplained origin. Deployment: http:\/\/ianix.com\/pub\/curve25519-deployment.html<\/div>\n<div><\/div>\n<div>10. 
Ed25519<\/div>\n<div><\/div>\n<div>http:\/\/ed25519.cr.yp.to\/ Ed25519 is a digital signature algorithm:<\/div>\n<div><\/div>\n<div>Signing and verification are both extremely fast; a quad-core 2.4GHz Westmere CPU can verify 71000 signatures per second<\/div>\n<div>Security is very high, equivalent to roughly 3000-bit RSA<\/div>\n<div>Signing does not depend on a random number generator or on the collision resistance of the hash function, and is not subject to timing side-channel attacks<\/div>\n<div>Signatures are small, only 64 bytes, and public keys are small too, only 32 bytes. Deployment: http:\/\/ianix.com\/pub\/ed25519-deployment.html<\/div>\n<div>11. Forward secrecy<\/div>\n<div><\/div>\n<div>Forward secrecy (Perfect Forward Secrecy) http:\/\/vincent.bernat.im\/en\/blog\/2011-ssl-perfect-forward-secrecy.html Forward secrecy means that if an attacker captures and stores traffic, then even after the private key is later leaked, the attacker cannot use the leaked private key to decrypt that traffic.<\/div>\n<div><\/div>\n<div>12. Diffie-Hellman key exchange<\/div>\n<div><\/div>\n<div>http:\/\/en.wikipedia.org\/wiki\/Diffie%E2%80%93Hellman_key_exchange This is covered prominently in any cryptography textbook.<\/div>\n<div><\/div>\n<div>13. 
constant time compare<\/div>\n<div><\/div>\n<div>This addresses the timing attack, http:\/\/en.wikipedia.org\/wiki\/Timing_attack (what an imaginative attack!). When an algorithm's running time depends on its input data, the running time can be used to recover keys and the like. A typical example: if you verify a symmetric signature with memcmp() from the C library, you are open to a timing attack. Therefore any memcmp involving cryptographic data must use a function whose running time is independent of the input, such as CRYPTO_memcmp() in the OpenSSL library.<\/div>\n<\/dd>\n<\/dl>\n","protected":false},"excerpt":{"rendered":"<p>http:\/\/www.2cto.com\/Article\/201509\/44215 &hellip; <a href=\"https:\/\/blog.zhenglei.net\/?p=255416\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[271],"class_list":["post-255416","post","type-post","status-publish","format-standard","hentry","category-software-download","tag-crypto"],"_links":{"self":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=255416"}],"version-history":[{"count":1,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255416\/revisions"}],"predecessor-version":[{"id":255417,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255416\/revisions\/255417"}],"wp:attachment":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=255416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=255416"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=255416"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}