在 Android 中存储 API 密钥,混淆就足够了吗?
我正在使用 Dropbox API。在示例应用程序中,它包括以下几行内容:
// Replace this with your consumer key and secret assigned by Dropbox.
// Note that this is a really insecure way to do this, and you shouldn't
// ship code which contains your key & secret in such an obvious way.
// Obfuscation is good.
final static private String CONSUMER_KEY = "PUT_YOUR_CONSUMER_KEY_HERE";
final static private String CONSUMER_SECRET = "PUT_YOUR_CONSUMER_SECRET_HERE";
我很清楚“保密并不安全”这句话,并且混淆实际上只会稍微增加提取密钥所需的工作量。我不同意他们的说法“混淆是好事”。那我应该怎么做才能保护密钥呢?混淆是否足够好,或者我应该考虑更复杂的东西?
I'm using the Dropbox API. In the sample app, it includes these lines:
// Replace this with your consumer key and secret assigned by Dropbox.
// Note that this is a really insecure way to do this, and you shouldn't
// ship code which contains your key & secret in such an obvious way.
// Obfuscation is good.
final static private String CONSUMER_KEY = "PUT_YOUR_CONSUMER_KEY_HERE";
final static private String CONSUMER_SECRET = "PUT_YOUR_CONSUMER_SECRET_HERE";
I'm well aware of the mantra 'Secrecy is not Security', and obfuscation really only slightly increases the amount of effort required to extract the keys. I disagree with their statement 'Obfustication is good'. What should I do to protect the keys then? Is obfustication good enough, or should I consider something more elaborate?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
你无能为力。如果用户(攻击者)拥有受保护的数据和取消保护的代码,则用户最终可以访问该数据。就这么简单。他们所需要的只是调试器和适时的断点。那,以及大量的空闲时间和决心。
保密是否足以满足您的目的取决于您的业务细节。但通常在移动世界中,如果客户担心他们的数据被盗,他们会实施高级别的盗窃和丢失控制。像远程擦除、强制屏幕锁定等。我认为应用程序程序员不需要复制所有这些东西。
You can't help it. If the user (attacker) has the protected data and the code that does the unprotection, the user can eventually get access to the data. It's as simple as that. A debugger and a breakpoint at just the right time is all they need. That, and lots of free time and determination.
Whether or not secrecy is good enough for your purposes is up to your business specifics. But generally in the mobile world, if the customer is that worried about their data being stolen, they implement high-level theft and loss controls. Things like remote wipe, mandatory screen lock, etc. I don't think it's up to the application programmer to duplicate all that stuff.
安全性永远不可能是完美的,因此您可以决定要完成多少工作。您可以将消费者机密分解为多个字符串,以进行简单的更改,从而提供最少的额外安全性,或者您可以创建一个算法以另一种方式表示机密(从插入字符串中每隔 X 个空格不使用的字符开始)修改每个字符,可能基于数字表示)。
你必须考虑工作与收益。如果这是您和几个朋友要使用的应用程序,那么它可能并不重要。如果这是一个有 1000 万人使用的应用程序,那么安全性显然更值得关注。
Security can never be perfect, so it's up to you to decide how much work you want to do. You can break the consumer secret into multiple Strings for a simple change that offers a minimal amount of additional security or you can create an algorithm to represent the secret in another way (anything from inserting characters that aren't used every X spaces in the string to modifying each character, perhaps based on the numeric representation).
You have to consider the work vs. benefit. If this is an app that you and a few friends are going to use, then it probably doesn't matter much. If this is going to be an app used by 10 million people, security is obviously more of a concern.