发表新帖
发表新帖

Generating cryptographically secure authentication tokens

后端 未结
关注
7 1783
后悔当初
后悔当初 2020-12-22 15:15

Background:

This is really a general best-practices question, but some background about the specific situation might be helpful:

We are deve

7条回答
  • 太阳男子
    太阳男子 (楼主)
    2020-12-22 15:45

    Building your own authentication system is always a "worst practice". That's the kind of thing best left to professionals who specialize in authentication systems.

    If you're bent on building your own "expiring ticket from a login service" architecture rather than re-using an existing one, it's probably a good idea to at least familiarize yourself with the issues that drove the design of similar systems, like Kerberos. A gentle introduction is here:

    http://web.mit.edu/kerberos/dialogue.html

    It would also be a good idea to take a look at what security holes have been found in Kerberos (and similar systems) over the last 20 years and make sure you don't replicate them. Kerberos was built by security experts and carefully reviewed for decades, and still serious algorithmic flaws are being found in it, like this one:

    http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt

    It's a lot better to learn from their mistakes than your own.

    0 讨论(0)
 看不清?
提交回复
热议问题