Hi, everyone. Internet packet encryption was implemented with your help. Thank you.
But I'm curious about how to encrypt the server. Assuming that public-private key encryption is carried out, should the DB contents be encrypted and updated by changing the key value periodically --; Please give me your opinion. And I'm renting a KT server, and I wonder if it's okay if I just install a vaccine for the server. Thank you.
encryption
If you've done a good job of protecting data in transit, as others have said, then you should pay attention to the security of the server that has that information.
You said that there is no point in encrypting the server's data, but not necessarily. Even if it is not a one-way hash, if you generate and encrypt an encryption key based on information that only the client knows, it is not easy to obtain a key that can unlock encrypted information even if the server is robbed.
Of course, if a server is hacked and an attacker is monitoring an incoming network, it can steal information such as passwords needed to generate keys in the middle, but this can only decrypt data from exposed clients through network monitoring during that time. It means it's much safer than data that's left unprotected.
These days, computing power has improved a lot, so unless performance is a big issue, don't use the hash MD5 and use SHA1 or higher (personally recommended by SHA256). And for the encryption/decryption algorithm, we recommend that you use DES or 3DES because they are practically out of security, and you can use AES.
If you classify it as one-way, two-way encryption according to the properties of the data
If decryption is not required, such as passwords, use one-way encryption such as MD5 and SHA1 If you need decryption, such as resident number or chat content, you can use methods such as DES, DES3, ENC, COMPRESS.
Usually, the key is not exposed, so you don't have to renew the key periodically, and the vaccine doesn't protect the data when data is leaked, so you should apply encryption well for sensitive information.
If you're good at packet encryption, the server should lock the server well, not encrypt the data that is stored on the server.
To compare it to a house, even if you lock all the drawers in the house and put a bunch of keys in the bookshelf, the thief comes in and finds the keys to the bookshelf, and all the drawers open. Encryption is the same thing. No matter how well you encrypt the data, the key will eventually be written on the conf or code in the server. Eventually, when a hacker comes in and finds the key, encryption itself becomes meaningless. So normally, the data in the server is not encrypted. Information such as personal passwords that server administrators should not see is stored with one-way encryption.
We need to lock down so that the hacker doesn't penetrate the server, not encrypt the entire data in the server~
© 2024 OneMinuteCode. All rights reserved.