再谈如何安全地在 Android 中存储令牌 #1706
Merged
再谈如何安全地在 Android 中存储令牌 #1706
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
|
第一位校对者 @HackerKevin |
|
校对 |
|
@luoqiuyu 好哒 |
|
@luoqiuyu @HackerKevin 两位别忘了来校对哈 |
luoqiuyu
reviewed
Jun 4, 2017
|
|
||
| As a prologue to this article, I want to remark a short sentence for the notional reader. This quote will be important as we move forward. | ||
| 作为本文的序言,我想对假想的读者做一个简短的声明。下面的引言对本文的后续内容而言十分重要。 |
luoqiuyu
reviewed
Jun 4, 2017
|
|
||
| Almost three years ago, I wrote [a post](http://codetalk.de/?p=86) giving some ideas to protect String tokens from a hypothetical attacker decompiling our Android application. For the sake of remembrance, and in order to ward off the inescapable death of the Internet, I am reproducing some sections here. | ||
| 大约 3 年前,我写了[一篇文章](http://codetalk.de/?p=86),给出了几种方法来防止反编译我们 Android 应用的潜在攻击者窃取字符串令牌。为了便于回忆,也为了防止不可避免的网络损坏,我将会在此重新列出一些章节。 |
There was a problem hiding this comment.
给出了几种方法来防止反编译我们 Android 应用的潜在攻击者窃取字符串令牌 -> 提出了几种方法来保护字符串令牌防止潜在攻击者反编译我们 Android 应用
There was a problem hiding this comment.
这句话的意思是要保护令牌,而不是防止应用被反编译吧?
There was a problem hiding this comment.
我理解的是保护令牌的目的是防止应用被反编译,而不是通过反编译应用来获取令牌,如果应用已经可以被反编译了令牌也就没有意义了,再者'protect from' 也是'保护...免于..'的意思。
There was a problem hiding this comment.
根据上下文信息,令牌是一个服务端用来鉴别客户端请求是否合法的字符串啊,这样一个字符串怎么能防止应用被反编译呢?
There was a problem hiding this comment.
嗯嗯~是我理解错了,你的理解是对的,不过语序变一下感觉会更好:给出了几种方法来防止潜在攻击者反编译我们 Android 应用来窃取字符串令牌
There was a problem hiding this comment.
嗯,翻译确实是个挺纠结的工作。忠于原文翻译出来的句子就特别别扭,按自己的理解翻译又怕有所偏差。谢谢啦
luoqiuyu
reviewed
Jun 4, 2017
|
|
||
| One of the most common use cases happens when our application needs to communicate with a web service in order to exchange data. This data exchange can oscillate from a less to a more sensitive nature, and vary between a login request, user data alteration petition, etc. | ||
| 一个十分常见的场景是应用需要与服务器连接来交换数据。交换的数据敏感性时小时大,而且不同请求(登陆请求、用户信息变更请求,等)之间交换的数据类型也多种多样。 |
There was a problem hiding this comment.
交换的数据敏感性时小时大,而且不同请求(登陆请求、用户信息变更请求,等)之间交换的数据类型也多种多样。->
数据交换时的敏感度差别很大,尤其是在登陆请求、用户信息变更请求等。
luoqiuyu
reviewed
Jun 4, 2017
| const-string v1, “67a5af7f89ah3katf7m20fdj202” | ||
| ``` | ||
|
|
||
| Yeah, sure. It does not say this is a validation Token, so we still need to go through a meticulous verification to decide how to reach this string and whether it can be used for authentication purposes or not. But you know where I am going: this is mostly a matter of time and resources. | ||
| 是的,我知道。这并不能保证是一个有效的令牌,所以我们仍然需要通过一个精确地验证来决定如何找到那个字符串,和它是否可以用来通过验证。但是你知道我要表达什么:这通常只是时间个资源的问题。 |
There was a problem hiding this comment.
精确地 ->精确的 只是时间个资源的问题 ->只是个时间和资源的问题
luoqiuyu
reviewed
Jun 4, 2017
|
|
||
| The last paragraph includes a series of ideas, but our hypothetical reader has hopefully taken the main point. | ||
| 上面这段包含了一些想法,希望假想的读者已经得到重点了。 |
luoqiuyu
reviewed
Jun 4, 2017
| 3. Do not store String literals in your code. | ||
| 4. Use the NDK to create a self-generated key. | ||
| 1. 绝对的安全是不存在的。 | ||
| 2. 多种保护手段的组合是达到高安全度的关键。 |
luoqiuyu
reviewed
Jun 4, 2017
| 4. Use the NDK to create a self-generated key. | ||
| 1. 绝对的安全是不存在的。 | ||
| 2. 多种保护手段的组合是达到高安全度的关键。 | ||
| 3. 不要在代码中存储字符串字面值。 |
|
校对完成 |
xcg00
reviewed
Jun 6, 2017
|
|
||
| Almost three years ago, I wrote [a post](http://codetalk.de/?p=86) giving some ideas to protect String tokens from a hypothetical attacker decompiling our Android application. For the sake of remembrance, and in order to ward off the inescapable death of the Internet, I am reproducing some sections here. | ||
| 大约 3 年前,我写了[一篇文章](http://codetalk.de/?p=86),给出了几种方法来防止反编译我们 Android 应用的潜在攻击者窃取字符串令牌。为了便于回忆,也为了防止不可避免的网络损坏,我将会在此重新列出一些章节。 |
There was a problem hiding this comment.
“网络损坏” --> “网络瘫痪” (觉得这个应该更能体现 the death of the Internet吧)
There was a problem hiding this comment.
嗯,我没找到更好的翻译~,瘫痪很形象,哈哈
|
|
||
| One of the most common use cases happens when our application needs to communicate with a web service in order to exchange data. This data exchange can oscillate from a less to a more sensitive nature, and vary between a login request, user data alteration petition, etc. | ||
| 一个十分常见的场景是应用需要与服务器连接来交换数据。交换的数据敏感性时小时大,而且不同请求(登陆请求、用户信息变更请求,等)之间交换的数据类型也多种多样。 |
There was a problem hiding this comment.
这种数据交换可以从较小到更敏感的性质振荡,并且在登录请求,用户数据更改请求等之间变化。
|
|
||
| (*)Did I mention that the absolute security does not exist? SSL connections can still be compromised. This article does not intend to provide an extensive list of all the possible attacks, but I want to let you know of a few possibilities. Fake SSL certificates can be used, as well as Man-in-the-Middle attacks. | ||
| (*)我说过绝对的安全不存在吧?SSL 连接仍然可以被攻破。本文不打算提供所有可能的攻击手段列表,我只想让你明白这是可能发生的。可以伪造 SSL 证书,也可以进行中间人攻击。 |
There was a problem hiding this comment.
我只想让你明白这是可能发生的。 --> 我想让你了解几种攻击的可能性
|
|
||
| What about saving this String in one of the other mechanisms provided by Android, such as the SharedPreferences? This is barely a good idea. SharedPreferences can be easily accessed from the Emulator or any rooted device. Some years ago a guy called [Srinivas](http://resources.infosecinstitute.com/android-hacking-security-part-9-insecure-local-storage-shared-preferences/) proofed how the scored could be altered in a video-game. We are running out of options here! | ||
| 那将字符串保存到 Android 提供的其他存储机制中呢,比如说 SharedPreferences?这并不是一个好方法。在模拟器或者 root 过的设备中可以轻易的访问到 SharedPreferences。几年前,一个叫 [Srinivas](http://resources.infosecinstitute.com/android-hacking-security-part-9-insecure-local-storage-shared-preferences/) 的伙计向我们证明了如何更改一个视频游戏中的得分。跑题了! |
| @@ -89,90 +89,89 @@ byte[] encryptedData = encrypt(key,b); | |||
| byte[] decryptedData = decrypt(key,encryptedData); | |||
| ``` | |||
|
|
|||
| Are you guessing the direction? That is right. We could encrypt and decrypt our token on demand. This provides an additional layer of security: when the code gets obfuscated, it is not anymore as straightforward as performing a String search and check the environment surrounding that String. But can you still figure out a problem that needs to be solved? | |||
| 抓到重点了吗?是的,我们可以根据需求来加/解密令牌。这就为我们提供了一个额外的安全层:当代码混淆后,寻找令牌不再像执行字符串搜索和检查字符串周围的环境那样简单了。但是,你能指出还有一个需要解决的问题吗? | |||
|
|
||
| Yes, you are right. We have an encryption key that is being also stored as String. This is adding more layers of security by obscurity, but we still have a token on plain text, regardless of whether this token is used for encryption or is the token per-se. | ||
| 是的。我们仍然有一个加密密钥以字符串的形式存储。虽然这种隐晦的做法增加了更多的安全层,但不管这个令牌是用于加密或它本身就是一个令牌,我们仍然有一个以文本形式存在的令牌。 |
|
@lovexiaov 两位校对者都已经校对好了~ 可以来根据校对意见进行调整了哈 ┏ (゜ω゜)=☞ |
|
@sqrthree @luoqiuyu @HackerKevin 已经根据两位大佬的意见修改完了。 |
linhe0x0
approved these changes
Jun 8, 2017
|
@lovexiaov 已经 merge 啦~ 快快麻溜发布到掘金专栏然后给我发下链接,方便及时添加积分哟。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
非常抱歉,这两天有点事,延期了两天。
对应 ISSUE:#1655