
μ‚¬μš©μž μ€‘μš” 정보 평문 μ €μž₯/전솑

μ •μ˜

  • 데이터λ₯Ό ν‰λ¬ΈμœΌλ‘œ 톡신 채널을 톡해 μ†‘μˆ˜μ‹ ν•  경우, 인증받지 μ•Šμ€ μ‚¬μš©μžμ— μ˜ν•΄ λ°œμƒν•œ μŠ€λ‹ˆν•‘μ„ 톡해 λ³΄μ•ˆκ³Ό κ΄€λ ¨λœ μ€‘μš”ν•œ 데이터가 λ…ΈμΆœλ  수 μžˆλ‹€.
    • μŠ€λ‹ˆν•‘ : λ„€νŠΈμ›Œν¬μƒμ—μ„œ λ‹€λ₯Έ μƒλŒ€λ°©λ“€μ˜ νŒ¨ν‚· κ΅ν™˜μ„ μ—Ώλ“£λŠ” ν–‰μœ„. ex) μ „ν™” 도청

μ•ˆμ „ν•œ 코딩기법

  • μ€‘μš”ν•œ 정보λ₯Ό μ €μž₯ν•  λ•Œμ—λŠ” λ°˜λ“œμ‹œ μ•”ν˜Έν™”ν•˜μ—¬ μ €μž₯ν•œλ‹€.
  • μ€‘μš”ν•œ 정보λ₯Ό 톡신 채널을 톡해 전솑할 λ•Œμ—λ„ λ°˜λ“œμ‹œ μ•”ν˜Έν™” 과정을 거쳐야 ν•œλ‹€.
    • ν•„μš”ν•  경우 SSL λ˜λŠ” HTTPS와 같은 λ³΄μ•ˆ 채널을 μ‚¬μš©ν•œλ‹€.
    • λ³΄μ•ˆ 채널을 μ‚¬μš©ν•˜κ±°λ‚˜ λΈŒλΌμš°μ € 쿠킀에 μ€‘μš” 데이터λ₯Ό μ €μž₯ν•˜λŠ” 경우, setSecure(true) λ©”μ†Œλ“œλ₯Ό 톡해 μΏ ν‚€ 객체에 λ³΄μ•ˆμ†μ„±μ„ μ„€μ •ν•˜μ—¬ μ€‘μš”μ •λ³΄ λ…ΈμΆœμ„ 방지할 수 μžˆλ‹€.
    • λ³΄μ•ˆμ†μ„±μ΄ μ„€μ •λœ μΏ ν‚€λŠ” HTTPλ‘œλŠ” μ „μ†‘λ˜μ§€ μ•ŠμœΌλ―€λ‘œ, μ€‘μš” 데이터λ₯Ό μ €μž₯ν•œ μΏ ν‚€λ₯Ό HTTP둜 μ „μ†‘ν•˜κΈ° μœ„ν•΄μ„œλŠ” λ³΄μ•ˆ 속성을 λŒ€μ‹ ν•˜μ—¬ λ°˜λ“œμ‹œ μ•”ν˜Έν™”λ₯Ό μ μš©ν•΄μ•Ό ν•œλ‹€.

JAVA 예제 :

μ•”ν˜Έν™”ν•˜μ§€ μ•Šμ€ νŒ¨μŠ€μ›Œλ“œ μ‚¬μš© ➑ AES μ•”ν˜Έν™”

// Excerpt from the unsafe example: the password is written to the stream exactly as obtained.
String password = getPassword();
o.write(password);   // cleartext on the wire

νŒ¨μŠ€μ›Œλ“œλ₯Ό μ•”ν˜Έν™”ν•˜μ§€ μ•Šκ³  ν‰λ¬ΈμœΌλ‘œ μ „μ†‘ν•˜κ³  μžˆλ‹€. 이 κ²½μš°μ— νŒ¨ν‚· μŠ€λ‹ˆν•‘μ„ 톡해 νŒ¨μŠ€μ›Œλ“œκ°€ λ…ΈμΆœλ  수 μžˆλ‹€.

μ•ˆμ „ν•˜μ§€ μ•Šμ€ μ½”λ“œ

// Unsafe: the password crosses the network in cleartext over a plain TCP socket.
try {
	Socket s = new Socket("taranis", 4444);                   // plain TCP, no TLS
	PrintWriter o = new PrintWriter(s.getOutputStream(), true);
	
	String password = getPassword();
	o.write(password);                                        // anyone sniffing the path reads it
} catch (FileNotFoundException e) {                           // NOTE(review): socket I/O throws IOException, which this does not catch
……

// Excerpt from the "safe" example. NOTE(review): the Cipher is never init()ed with a key and
// IV, so update() throws IllegalStateException; update() may also withhold a trailing block,
// so doFinal() is required to obtain the complete ciphertext. CBC gives no integrity check.
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
	
String password = getPassword();
byte[] encPassword = c.update(password.getBytes());   // platform-default charset; specify UTF-8 explicitly

νŒ¨μŠ€μ›Œλ“œλ₯Ό λ„€νŠΈμ›Œν¬λ₯Ό 톡해 μ„œλ²„λ‘œ μ „μ†‘ν•˜κΈ° 전에 μ•”ν˜Έν™”ν•˜μ—¬ μ•ˆμ „ν•œ ν”„λ‘œκ·Έλž¨μ΄λ‹€. 이 μ˜ˆμ œλŠ” AES μ•”ν˜Έν™” μ•Œκ³ λ¦¬μ¦˜μ„ μ‚¬μš©ν•˜μ˜€λ‹€.

μ•ˆμ „ν•œ μ½”λ“œ

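// Sends the password over TLS and, in addition, seals it with AES-GCM so that only the
// server-side application holding the shared key (not merely the TLS endpoint) can read it.
// `key` is a SecretKey established with the server through key management — TODO(review):
// the page does not show where it comes from; never derive it from a hard-coded constant.
// TLS alone is usually sufficient; the AES layer only adds value when end-to-end secrecy
// beyond the TLS terminator is required.
try (SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket("taranis", 4444)) {
	// An SSLSocket validates the certificate chain but does NOT check the host name unless told to.
	SSLParameters params = s.getSSLParameters();
	params.setEndpointIdentificationAlgorithm("HTTPS");
	s.setSSLParameters(params);
	s.startHandshake();                                   // fail fast on a bad certificate or name

	// Fresh random IV per message; GCM provides confidentiality AND integrity (CBC only confidentiality).
	byte[] iv = new byte[12];
	new SecureRandom().nextBytes(iv);
	Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
	c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));

	String password = getPassword();
	// doFinal (not update) emits the complete ciphertext plus the GCM tag; encode as UTF-8 explicitly.
	byte[] encPassword = c.doFinal(password.getBytes(StandardCharsets.UTF_8));

	OutputStream o = s.getOutputStream();
	o.write(iv);                                          // the receiver needs the IV; it is not secret
	o.write(encPassword);
	o.flush();
} catch (IOException | GeneralSecurityException e) {
	// Handle or log the failure; never include the password in the log message.
}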

Android-JAVA 예제 :

일반 μ†ŒμΌ“ 톡신 μ‚¬μš©ν•΄ 데이터 λ…ΈμΆœ κ°€λŠ₯ ➑ TLS μ†ŒμΌ“(SSLSocketFactory)으둜 μ•”ν˜Έν™”λœ 채널 μ‚¬μš©

Socket socket = new Socket(hostname, port);   // plain TCP: everything on this socket is cleartext

일반적인 μ†ŒμΌ“ 톡신을 μ‚¬μš©ν•˜μ—¬ λ„€νŠΈμ›Œν¬λ₯Ό ν†΅ν•˜μ—¬ 데이터λ₯Ό 외뢀에 μ „μ†‘ν•˜κ³  μžˆλ‹€. λ§ˆμ°¬κ°€μ§€λ‘œ 이 κ²½μš°λ„ νŒ¨ν‚· μŠ€λ‹ˆν•‘μ„ ν†΅ν•˜μ—¬ λ°μ΄ν„°μ˜ λ‚΄μš©μ΄ λ…ΈμΆœλ  수 μžˆλ‹€.

μ•ˆμ „ν•˜μ§€ μ•Šμ€ μ½”λ“œ

// Unsafe: opens a plain TCP socket, so everything read from or written to it is cleartext on the network.
public void onCreate(Bundle savedInstanceState) {
	int port = 443;                                  // using port 443 does not make the connection TLS
	String hostname = "hostname";
	Socket socket = new Socket(hostname, port);      // no TLS; IOException is not handled here
	InputStream in = socket.getInputStream();
	OutputStream out = socket.getOutputStream();
	// Read from in and write to out...
	inclose();                                       // NOTE(review): typo for in.close()
	out.close();                                     // the socket itself is never closed
}

// TLS socket from the default factory. NOTE(review): this verifies the server certificate
// chain but not the host name; enable endpoint identification on the SSLSocket as well.
SocketFactory socketFactory = SSLSocketFactory.getDefault();
Socket socket = socketFactory.createSocket(hostname, port);

λ―Όκ°ν•œ 정보λ₯Ό λ„€νŠΈμ›Œν¬λ₯Ό ν†΅ν•˜μ—¬ μ„œλ²„μ— μ „μ†‘ν•˜κΈ° 전에 μ΅œμ†Œν•œ 128λΉ„νŠΈ 길이의 ν‚€λ₯Ό μ΄μš©ν•˜μ—¬ μ•”ν˜Έν™”ν•˜λŠ” 것이 λ°”λžŒμ§ν•˜λ‹€.

μ•ˆμ „ν•œ μ½”λ“œ

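/**
 * Opens a TLS-protected connection to {@code hostname:port} and closes it when done.
 *
 * <p>Fixes relative to the original snippet: the {@code getOuputStream} typo; host-name
 * verification (an {@code SSLSocket} from {@code SSLSocketFactory} validates the server
 * certificate chain but does not check the host name unless an endpoint identification
 * algorithm is set); and cleanup via try-with-resources so the socket is closed even
 * when the I/O throws.
 *
 * @param savedInstanceState passed through to {@code super.onCreate}
 */
public void onCreate(Bundle savedInstanceState) {
	super.onCreate(savedInstanceState);
	int port = 443;
	String hostname = "hostname";
	// NOTE(review): Android rejects network I/O on the main thread (NetworkOnMainThreadException);
	// in real code move this block to a background thread or executor.
	SSLSocketFactory socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
	try (SSLSocket socket = (SSLSocket) socketFactory.createSocket(hostname, port)) {
		SSLParameters params = socket.getSSLParameters();
		params.setEndpointIdentificationAlgorithm("HTTPS");   // enables host-name verification
		socket.setSSLParameters(params);
		socket.startHandshake();                               // fail fast on a bad certificate or name
		InputStream in = socket.getInputStream();
		OutputStream out = socket.getOutputStream();
		// Read from in and write to out..
	} catch (IOException e) {
		// Handle the failure; never fall back to a plain socket.
	}
}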

C 예제 :

νŒŒμΌμ—μ„œ 읽은 νŒ¨μŠ€μ›Œλ“œ μ•”ν˜Έν™” 없이 직접 μ—°κ²° ➑ νŒ¨μŠ€μ›Œλ“œ 검증 (AES-CBC μ•”ν˜Έν™”)

fgets(passwd, sizeof(passwd), fp);   /* reads the cleartext password from the config file; the trailing newline stays in the buffer */

νŒ¨μŠ€μ›Œλ“œλ₯Ό νŒŒμΌμ—μ„œ 읽어 였고 μžˆλ‹€.

/* the value read from the file is handed to SQLConnect unchanged */
(SQLCHAR*) passwd,

νŒŒμΌμ—μ„œ μ½μ–΄μ˜¨ νŒ¨μŠ€μ›Œλ“œλ₯Ό μ•”ν˜Έν™” 없이 직접 μ—°κ²°ν•˜κ³  μžˆλ‹€.

μ•ˆμ „ν•˜μ§€ μ•Šμ€ μ½”λ“œ

/*
 * Unsafe: reads the DB user and password in cleartext from the file "config"
 * and hands them to SQLConnect unchanged. Anyone who can read the file owns
 * the database credential.
 *
 * NOTE(review): fopen() is not checked for NULL; fgets() leaves the trailing
 * newline in user/passwd so strlen() counts it as part of the credential; the
 * ODBC handles are never freed.
 */
int dbaccess(){
	FILE *fp; char *server = "DBserver";
	char passwd[20];
	char user[20];
	SQLHENV henv;
	SQLHDBC hdbc;
	fp = fopen("config", "r");                        /* cleartext credential file */
	fgets(user, sizeof(user), fp);
	fgets(passwd, sizeof(passwd), fp);                /* password read as-is */
	fclose(fp);
	SQLAllocHandle(SQL_HANDLE_ENV, SQL_NULL_HANDLE, &henv);
	SQLAllocHandle(SQL_HANDLE_DBC, henv, &hdbc);
	SQLConnect(hdbc,
									(SQLCHAR*) server,
									(SQLSMALLINT) strlen(server),
									(SQLCHAR*) user,
									(SQLSMALLINT) strlen(user),
									(SQLCHAR*) passwd,                /* cleartext password used directly */
									(SQLSMALLINT) strlen(passwd) );
	return 0;
}

μ™ΈλΆ€μ—μ„œ μž…λ ₯된 νŒ¨μŠ€μ›Œλ“œλŠ” κ²€μ¦μ˜ 과정을 κ±°μ³μ„œ μ‚¬μš©ν•΄μ•Ό ν•œλ‹€.

/* NOTE(review): CkCrypt2_putCryptAlgorithm returns void and `crypt` is used before it is
 * created — the object must come from CkCrypt2_Create(). The curly quotes around aes/cbc
 * are typographic and will not compile; use straight double quotes. */
char *key;
HCkCrypt2 crypt = CkCrypt2_putCryptAlgorithm(crypt,”aes”);
CkCrypt2_putCipherMode(crypt,”cbc”);

AES-CBC둜 μ•”ν˜Έν™” λͺ¨λ“œλ₯Ό μ„€μ •ν•œλ‹€. CBC λͺ¨λ“œλŠ” λ§€ μ•”ν˜Έν™”λ§ˆλ‹€ μ˜ˆμΈ‘ λΆˆκ°€λŠ₯ν•œ IVλ₯Ό μ„€μ •ν•΄μ•Ό ν•˜λ©°(CkCrypt2_SetEncodedIV), 무결성 검증을 μ œκ³΅ν•˜μ§€ μ•ŠμœΌλ―€λ‘œ κ°€λŠ₯ν•˜λ©΄ GCM κ°™μ€ 인증 μ•”ν˜Έ λͺ¨λ“œλ₯Ό μ‚¬μš©ν•œλ‹€. λ˜ν•œ crypt κ°μ²΄λŠ” CkCrypt2_Create()둜 λ¨Όμ € μƒμ„±ν•΄μ•Ό ν•œλ‹€.

/* Key material from the process environment. NOTE(review): getenv() returns NULL when the
 * variable is unset (must be checked), and the environment is readable by anyone who can
 * inspect the process — a key store or KMS is the safer source. */
key = getenv(β€œencrypt_key”);
CkCrypt2_SetEncodedKey(crypt,key,”hex”);

μ™ΈλΆ€μ—μ„œ μ•”ν˜Έν™” ν‚€λ₯Ό λΆˆλŸ¬μ™€ μ„€μ •ν•œλ‹€.

fgets(passwd, sizeof(passwd), fp);   /* still reads a CLEARTEXT value from the file; the trailing newline remains */

νŒ¨μŠ€μ›Œλ“œλ₯Ό νŒŒμΌμ—μ„œ μ½μ–΄μ˜¨λ‹€.

/* NOTE(review): encrypting a value that was just read in cleartext does not protect it;
 * the stored value should already be ciphertext and be DECRYPTED here instead. */
encPasswd = CkCrypt2_encryptStringENC(crypt, passwd);

νŒ¨μŠ€μ›Œλ“œ μ•”ν˜Έν™”λ₯Ό μ§„ν–‰ν•œλ‹€.

/* NOTE(review): SQLConnect expects the real password; passing ciphertext fails authentication */
(SQLCHAR*) encPasswd,

μ•”ν˜Έν™”λœ νŒ¨μŠ€μ›Œλ“œλ₯Ό μ‚¬μš©ν•œλ‹€.

μ•ˆμ „ν•œ μ½”λ“œ

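/*
 * Connects to the DB using a password that is kept ENCRYPTED in the config file
 * and decrypted only in memory at connect time.
 *
 * Differences from the original "safe" snippet: the Chilkat object is created with
 * CkCrypt2_Create() (putCryptAlgorithm returns void and cannot initialise `crypt`);
 * the stored value is DECRYPTED rather than encrypted (SQLConnect needs the real
 * password, and encrypting a cleartext value just read from disk protects nothing);
 * the newline left by fgets() is stripped so it does not become part of the
 * credential; the undeclared `verifiedPwd` is replaced by the actual buffer; and
 * fopen()/getenv()/fgets() failures are handled instead of dereferencing NULL.
 *
 * Returns 0 on success, -1 on failure.
 *
 * NOTE(review): the key still comes from an environment variable, which any principal
 * able to read this process's environment can obtain; prefer an OS key store or a KMS.
 * NOTE(review): CBC needs the same IV that was used when the config value was produced
 * (CkCrypt2_SetEncodedIV) and gives no integrity protection; the encoding set below
 * must likewise match how the ciphertext was written to the file.
 * NOTE(review): as in the original, the ODBC handles are not released here — the
 * snippet ends right after connecting; release them with SQLDisconnect/SQLFreeHandle
 * once the connection is no longer needed.
 */
int dbaccess(){
	FILE *fp; char *server = "DBserver";
	char encPasswd[128];                 /* encoded ciphertext read from config */
	char user[20];
	const char *passwd;                  /* decrypted password; lives only in memory */
	char *key;
	SQLHENV henv;
	SQLHDBC hdbc;
	int rc = -1;

	HCkCrypt2 crypt = CkCrypt2_Create();
	if (crypt == NULL) return -1;
	CkCrypt2_putCryptAlgorithm(crypt, "aes");
	CkCrypt2_putCipherMode(crypt, "cbc");
	CkCrypt2_putKeyLength(crypt, 128);   /* must match the key handed to SetEncodedKey */
	CkCrypt2_putEncodingMode(crypt, "base64");
	/* TODO(review): CkCrypt2_SetEncodedIV(crypt, <iv used at encryption time>, "hex"); */

	key = getenv("encrypt_key");
	if (key == NULL) { CkCrypt2_Dispose(crypt); return -1; }
	CkCrypt2_SetEncodedKey(crypt, key, "hex");

	fp = fopen("config", "r");
	if (fp == NULL) { CkCrypt2_Dispose(crypt); return -1; }
	if (fgets(user, sizeof(user), fp) == NULL ||
	    fgets(encPasswd, sizeof(encPasswd), fp) == NULL) {
		fclose(fp);
		CkCrypt2_Dispose(crypt);
		return -1;
	}
	fclose(fp);
	/* fgets() keeps the line terminator; it would otherwise be sent as part of the credential. */
	user[strcspn(user, "\r\n")] = '\0';
	encPasswd[strcspn(encPasswd, "\r\n")] = '\0';

	/* Decrypt the stored value; the returned buffer is owned by `crypt` and freed on Dispose. */
	passwd = CkCrypt2_decryptStringENC(crypt, encPasswd);
	if (passwd == NULL) { CkCrypt2_Dispose(crypt); return -1; }

	SQLAllocHandle(SQL_HANDLE_ENV, SQL_NULL_HANDLE, &henv);
	SQLAllocHandle(SQL_HANDLE_DBC, henv, &hdbc);
	if (SQL_SUCCEEDED(SQLConnect(hdbc,
									(SQLCHAR*) server,
									(SQLSMALLINT) strlen(server),
									(SQLCHAR*) user,
									(SQLSMALLINT) strlen(user),
									(SQLCHAR*) passwd,
									(SQLSMALLINT) strlen(passwd) ))) {
		rc = 0;
	}
	CkCrypt2_Dispose(crypt);             /* also discards the decrypted password buffer */
	return rc;
}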

C# 예제 :

μ•”ν˜Έν™”ν•˜μ§€ μ•Šμ€ νŒ¨μŠ€μ›Œλ“œ ν¬ν•¨λœ λ©”μ‹œμ§€ 전솑 ➑ μ•”ν˜Έν™” ν›„ 전솑

// The cleartext password is placed in the mail body and handed to SMTP; HtmlEncode only
// escapes markup, it does not hide the value.
Message.Body = "Your password is: " + Server.HtmlEncode(password);
SmtpMail.Send(Message);

νŒ¨μŠ€μ›Œλ“œλ₯Ό μ•”ν˜Έν™”ν•˜μ§€ μ•Šκ³  νŒ¨μŠ€μ›Œλ“œκ°€ ν¬ν•¨λœ λ©”μ‹œμ§€λ₯Ό λ„€νŠΈμ›Œν¬λ₯Ό ν†΅ν•˜μ—¬ μ „μ†‘ν•˜κ³  μžˆλ‹€. 이 경우 λ˜ν•œ νŒ¨ν‚·μŠ€λ‹ˆν•‘μ„ ν†΅ν•˜μ—¬ νŒ¨μŠ€μ›Œλ“œκ°€ λ…ΈμΆœλ  수 μžˆλ‹€.

μ•ˆμ „ν•˜μ§€ μ•Šμ€ μ½”λ“œ

// Unsafe: retrieves the user's current password and e-mails it in cleartext.
// NOTE(review): u.GetPassword() can only succeed when the membership provider stores
// passwords reversibly, which is itself the storage-side half of this weakness.
public void EmailPassword_OnClick(object sender, EventArgs args)
{
	MembershipUser u = Membership.GetUser(UsernameTextBox.Text, false);
	String password;

	if (u != null)
	{
	try
	{
		password = u.GetPassword(); // sensitive data created
	}
	catch (Exception e)
	{
		// NOTE(review): echoing e.Message to the page may leak provider internals to the user
		Msg.Text = "An exception occurred retrieving your password: " +
		Server.HtmlEncode(e.Message);
		return;
	}
	MailMessage Message = new MailMessage();
	Message.Body = "Your password is: " + Server.HtmlEncode(password);   // cleartext credential in e-mail
	
	SmtpMail.Send(Message);
	Msg.Text = "Password sent via e-mail.";
	}
	else
	{
		// NOTE(review): a distinct message for unknown users lets a caller enumerate valid user names
		Msg.Text = "User name is not valid. Please check the value and try again.";
	}
}

// NOTE(review): this hashes the password with SHA-256 and then decodes the raw digest
// bytes as ASCII (which mangles them). A bare, unsalted hash is not encryption, is of
// no use to the recipient, and is offline-crackable once it leaves the server.
byte[] data = System.Text.Encoding.ASCII.GetBytes(password);
data = new
System.Security.Cryptography.SHA256Managed().ComputeHash(data);
String hashedPassword = System.Text.Encoding.ASCII.GetString(data);

νŒ¨μŠ€μ›Œλ“œλ₯Ό μ•”ν˜Έν™”ν•˜μ—¬ λ„€νŠΈμ›Œν¬λ₯Ό 톡해 μ „μ†‘ν•œλ‹€.

μ•ˆμ „ν•œ μ½”λ“œ

// NOTE(review): this "safe" version is neither safe nor compilable:
//  - `hasedPassword` is a typo, and `hashedPassword` is declared inside the try block,
//    so it is out of scope where the mail body is built.
//  - Encoding.ASCII.GetString() on raw SHA-256 bytes mangles the digest.
//  - A bare SHA-256 of the password is not encryption: the recipient cannot use it, and
//    an unsalted fast hash sent in cleartext is offline-crackable.
//  - u.GetPassword() requires the membership provider to store passwords reversibly.
//  The right fix is to never put the credential (or a digest of it) in e-mail; send a
//  one-time, expiring reset link over HTTPS instead.
public void EmailPassword_OnClick(object sender, EventArgs args)
{
	MembershipUser u = Membership.GetUser(UsernameTextBox.Text, false);
	String password;

	if (u != null)
	{
		try
		{
			password = u.GetPassword();
			byte[] data = System.Text.Encoding.ASCII.GetBytes(password);
			data = new
			System.Security.Cryptography.SHA256Managed().ComputeHash(data);
			String hashedPassword = System.Text.Encoding.ASCII.GetString(data);   // scoped to this try block
		}
		catch (Exception e)
		{
			Msg.Text = "An exception occurred retrieving your password: " +
			Server.HtmlEncode(e.Message);
			return;
		}
		MailMessage Message = new MailMessage();
		Message.Body = "Your password is: " + Server.HtmlEncode(hasedPassword);   // NOTE(review): undeclared identifier
		SmtpMail.Send(Message);
		Msg.Text = "Password sent via e-mail.";
	}
	else
	{
		Msg.Text = "User name is not valid. Please check the value and try again.";
	}
}