如何最好地为网站生成随机盐?
我想生成一个随机盐值并将其放入应用程序状态。
现在,我正在使用网络场,因此每台计算机的应用程序状态都会有所不同。 我也不想购买分布式国有农场应用程序。
那么..对此有哪些解决方案? 我以为我可以在代码或 web.config 文件中对其进行硬编码..但这意味着 eva 的盐相同..不太安全。
有人有什么建议吗?
请记住 - 我想要一个在所有机器上都相同的唯一密钥(例如 guid)。 也许配置文件是唯一的方法?
i'm wanting to generate a random salt value and put it into the Application state.
Now, i'm using a web farm, so the Application state will be different per machine. I don't want to purchase distributed state farm apps, either.
So .. what are some solutions for this? I thought i could hard-code it in the code OR the web.config file .. but that means the same salt for eva .. not very safe.
Anyone have any suggestions?
Remember - i'm after a unique key (eg a guid) that is the same across all machines. Maybe a config file is the only way?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
如果我理解正确的话,您希望机器共享一个值,并且您不希望该值永远相同。 理想情况下,您不希望存储它。
因此,让“第一台”机器在启动时生成一个随机值(使用它可以使用的任何熵,例如 /dev/random。如果您不需要安全值,并且在启动时没有足够的熵来创建一个)不管怎样,利用时间或其他什么),并将其传达给所有其他人。 当新机器加入集群时,它们需要能够从集群中已有的一台机器中找到值。 机器掉线没有什么区别。
哪台机器是“第一”? 好吧,如果您始终可以在其他任何机器之前启动一台机器,并给它时间来生成一个值,那么您可以使用简单的算法:
1)寻找其他机器。 如果你找到了,请询问它的价值。
2) 如果没有找到,请自行生成该值。
如果多台机器同时启动,那么它们需要在它们之间决定哪一台是“领导者”。 您可以通过自己选择一个来做到这一点(例如,一台机器在通过管理界面收到特定连接后立即声明自己为“领导者”:在启动时,每台机器都会等待,直到它获得此连接,或者从另一台机器听到另一台机器的消息)机器是领导者)。 在令牌环上自动执行此操作很简单:具有最少 MAC 地址或任何领导者的机器。 但没有人再使用令牌环...
在不可靠网络的另一个极端,我不确定这是否可能,除非所有机器都知道总共有多少台机器(在这种情况下,它就像令牌环一样,除了他们都互相交谈,直到他们弄清楚谁是领导者)。 通过可靠的广播,这是您可以在以太网上合理范围内假设的,我确信在某处发布了最佳算法,但我忘记了它是什么(如果我知道的话)。 我猜想每个人都会定期广播他们认为的领导者是谁(如果他们还没有看到更好的领导者,包括他们自己的主张)。 一旦你听了足够长的时间(大约一个间隔),你就会知道谁是领导者,并且你可以开始使用种子。
如果该值是秘密,那么显然集群内的通信必须是安全的。 您可能会免费获得它,具体取决于网络架构。
If I understand correctly, you want the machines to share a value, and you don't want the value to be the same forever. Ideally you'd prefer not to store it.
So, have the "first" machine generate a random value at startup, (using whatever entropy it can such as /dev/random. If you don't need a secure value, and don't have enough entropy at startup to create one anyway, use the time or whatever), and communicate it to all the others. As new machines join the cluster, they need to be able to find the value from one machine already in the cluster. Machines dropping out make no difference.
Which machine is the "first"? Well, if you can always boot one machine before any others, and give it time to get to the point of generating a value, then you can use the trivial algorithm:
1) Look for other machines. If you find one, ask it the value.
2) If you don't find one, generate the value yourself.
If multiple machines are starting up at once then they need to decide amongst themselves which is the "leader". You could do this by choosing one yourself (e.g. a machine declares itself "leader" as soon as it receives a particular connection via the admin interface: on startup each machine waits until it either gets this connection, or hears from another machine that the other machine is the leader). It's trivial to do automatically on a token ring: the machine with the least MAC address or whatever is leader. But nobody uses token ring any more...
At the opposite extreme of an unreliable network I'm not sure it's even possible, unless all the machines know how many there will be in total (in which case it's just like the token ring, except that they all talk to each other until they've figured out who's the leader). With reliable broadcast, which is what you can assume within reasonable bounds on ethernet, I'm sure there's an optimal algorithm published somewhere, but I forget what it is (if I ever knew). I'd guess that everyone broadcasts who they think the leader is at regular intervals (including their own claim if they've not yet seen a better one). Once you've been listening to that for long enough (approx one interval), you'll know who the leader is, and you can start using the seed.
If the value is a secret, then obviously communication within the cluster must be secure. You might get that for free, depending on the network architecture.
在网络场场景中,存储在 machine.config 中的计算机密钥可能会成为您正在寻找的东西。 它是一个随机生成的哈希值,在网络场中的各个计算机上必须相同。
In a web farm scenario the machine key stored in machine.config might be what you are looking for. It is a randomly generated hash that must be the same across machines in the web farm.
这是一种有趣的方式:
每天开始时,即 00:00 之后,查找 twitter、digg、friendfeed 或任何在 00:00 之前/00:00 时经常更改数据的详细信息。 所有机器都会获得相同的数据,并且它肯定会发生变化。 为了使其成为秘密,请将此详细信息与某个密钥或 DNS 服务器的 MAC 或类似的东西结合起来。
我认为这很简单,也是一件有趣的事情。 当然,这意味着您的网站将依赖于这个外部网站来完成一些微不足道的事情,并且如果该网站关闭,可能会很困难。 但在这种情况下,您可以保留并继续前一天的数据。
只是想以一种有趣/有趣的方式来写它:)
Here's a fun/interesting way:
At the start of each day, i.e., after 00:00, lookup twitter or digg or friendfeed or anything that has frequently changing data for a detail just before/at 00:00. All the machines would get this same data AND it's guaranteed to be changing. In order to make it a secret, combine this detail with some secret key or the MAC of the DNS server or some such thing.
I think this is simple enough and a fun thing. Of course, this would mean your website would depend on this external website for a trivial thing and might be difficult if the site is down. But in such cases you can retain and continue with previous day's data.
Just wanted to write about it as a fun/interesting way :)