第二章:SSL VPN技术|网络世界足球竞猜app软件<GÿdF4y2Ba/title> <style type="text/css"> #sp_privacy_manager_container { z-index: 10000000 !important; } </style> <link rel="stylesheet" href="//m.banksfrench.com/www/css/article.css?v=20200701112944"> <link rel="stylesheet" href="//m.banksfrench.com/www.idge/css/insider-promo-styles.css?v=20200701112944"> <link rel="stylesheet" href="//m.banksfrench.com/www.idge/css/print.css" media="print"> <link rel="stylesheet" href="//m.banksfrench.com/www.idge.nww/css/article.css?v=20200701112944"> <link rel="stylesheet" href="//m.banksfrench.com/www.idge/css/webfonts/ss-social.css"> <link rel="stylesheet" href="//m.banksfrench.com/www.idge/css/webfonts/ss-standard.css"> <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,400italic,700italic" rel="stylesheet" type="text/css"> <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.6.1/css/all.css" integrity="sha384-gfdkjb5BdAXd+lj+gudLWI+BXq4IuLW5IT+brZEZsLFm++aCMlF1V92rMkPaX4PP" crossorigin="anonymous"> <link rel="stylesheet" href="https://use.typekit.net/lbi2kpq.css"> <style> @media only screen and (max-width: 929px) { .brVideoContainer { width: 100%; height: auto; display: inline-block; position: relative; border: none; overflow: hidden; z-index: 10000; } #bottomRightPlayer { margin-bottom: 10px; } .margin-col .brVideoContainer, .main-col .brVideoContainer { margin-top: 20px; } } @media only screen and (min-width: 930px) { .brVideoContainer { bottom: 5px; right: 5px; width: 401px; height: 225px; position: fixed; border: none; overflow: hidden; z-index: 1400000; } } .brVideoContainer .outer-wrapper { margin: 0 auto; max-width: 600px; top: 0px; left: 0px; width: 100%; height: 100%; border: none; overflow: hidden; position: relative; } #jw-standalone-close-button { position: absolute; top: 5%; right: 3%; display: inline; z-index: 999999; height: 20px; width: 20px; } </style> </head> <body id="article2268575" class="article network world">  <div id="superadunit" class="hidden"> <div class="ad"> <div class="ad-header"> <div class="brand-logo"></div> <a href="javascript:unhide('superadunit');" id="superstitial-text">关闭广告<GÿdF4y2Ba/a> </div> <div id="gpt-overlay" class=" ad-container"></div> </div> </div>  <link rel="stylesheet" href="//m.banksfrench.com/www/css/oc-header.css?v=20200701112944"> <link rel="stylesheet" href="//m.banksfrench.com/www.idge.nww/css/oc-header.css?v=20200701112944"> <header id="banner"> <div class="ad"> <div id="oc_ad_1" class=" ad-container test"></div> </div> </header> <section id="oc-head" class="no-stick-important"> <div class="oc-head-inner"> <div class="oc-head-left"> <a href="//m.banksfrench.com/" class="masthead"><span class="logo">足球竞猜app软件</span></a> <div class="edition-picker"> <div class="current-edition" data-edition-name="current"> <span id="current-edition">2020欧洲杯夺冠热门</span> <i class="fas fa-caret-down"></i> </div> <ul id="edition-picker-nav"> <li class="edition-picker-item locale-"><a data-edition-name="US" data-edition-localeid="0" href="//m.banksfrench.com/">2020欧洲杯夺冠热门</a></li> <li class="edition-picker-item locale-uk"><a data-edition-name="uk" data-edition-localeid="2" href="//m.banksfrench.com/uk/">英国<GÿdF4y2Ba/a></li> </ul> </div> </div> <div id="custom_header"></div> <div class="oc-head-right"> <div class="insider-controls"> <div class="insider-controls-hover"> <a class="insider edition-link-url" href="//m.banksfrench.com/insider/"></a> <i class="far fa-user"></i> </div> <div id="insider-welcome"> <div id="insider-selector"> <div class="stories"> <div class="personalization"> <strong>欢迎<GÿdF4y2Baspan id="person-first-name"></span>!<GÿdF4y2Ba/strong>这里有最新的内幕故事。<GÿdF4y2Ba/div> <ul> <li><a href="//m.banksfrench.com/article/3211410/the-10-most-powerful-companies-in-enterprise-networking.html">10家最强大的公司在企业网络2020<GÿdF4y2Ba/a></li> <li><a href="//m.banksfrench.com/article/3564544/smart-network-upgrades-to-consider-before-the-next-pandemic.html">在下一次大流行前考虑智能网络升级<GÿdF4y2Ba/a></li> <li><a href="//m.banksfrench.com/article/3541759/test-and-review-of-4-wi-fi-6-routers-whos-the-fastest.html">4个的Wi-Fi路由器6测试和审查：谁是最快的？<GÿdF4y2Ba/a></li> <li><a href="//m.banksfrench.com/article/3563525/pandemic-driven-changes-to-application-delivery-infrastructure-may-become-permanent.html">流行驱动的变化，以应用交付基础设施可能成为永久的<GÿdF4y2Ba/a></li> </ul> <div class="sign-out-link"> <a class="more-insider edition-link-url" href="//m.banksfrench.com/insider/">更多内幕<GÿdF4y2Ba/a> <a class="sign-out" href="javascript://" onclick="IDG.insiderReg.logout()">签署了<GÿdF4y2Ba/a> </div> </div> </div> <div class="signin-register"> <a href="javascript://" onclick="IDG.insiderReg.registerLinkEvent('insider-reg-signin')" class="js-open-modal signin" data-modal-id="insider-popup">登入<GÿdF4y2Ba/a> <a href="javascript://" onclick="IDG.insiderReg.registerLinkEvent('insider-reg-form-short')" class="js-open-modal register" data-modal-id="insider-popup">寄存器<GÿdF4y2Ba/a> </div> <a class="nav-ip-dropdown" href="https://www.idginsiderpro.com/subscribe"> <div> <b><em>新<GÿdF4y2Ba/em></b>从IDG<GÿdF4y2Ba/div><span class="dropdownIPLogo"></span><span>学到更多<GÿdF4y2Ba/span></a> </div> </div> <a href="#search" class="search-btn"><i class="fas fa-search"></i></a> <div class="search-expand"> <a href="" class="mega-close ss-delete"></a> <div class="gcse-searchbox"> <gcse:searchbox-only resultsurl="/search"></gcse:searchbox-only> </div> </div> <a class="mega-btn"></a> </div> </div> </section> <nav class="megamenu"> <div class="megamenu-inner"> <div class="mega-mobile-nav"> <a href="#search" class="search-btn"><i class="fas fa-search"></i></a> <div class="mega-insider-icons insider-controls"> <i class="far fa-user"></i> <a class="insider" href="//m.banksfrench.com/about/learn-about-insider.html"></a> <a class="sign-out-link" href="javascript://" onclick="IDG.insiderReg.logout()">签署了<GÿdF4y2Ba/a> <div class="signin-register"> <a href="javascript://" onclick="IDG.insiderReg.registerLinkEvent('insider-reg-signin')" class="js-open-modal signin" data-modal-id="insider-popup">登入<GÿdF4y2Ba/a> <a href="javascript://" onclick="IDG.insiderReg.registerLinkEvent('insider-reg-form-short')" class="js-open-modal register" data-modal-id="insider-popup">寄存器<GÿdF4y2Ba/a> </div> </div> </div> <a href="" class="mega-close ss-delete"></a> <div class="mega-logo-content"> <img class="mega-logo" src="https://alt.idgesg.net/images/furniture/networkworld/nww-nameplate-logo2x.png"> <div class="mega-4col"> <div class="mega-col"> <div class="mega-grp new-insiderpro"> <div class="mega-hed"> 新<GÿdF4y2Baspan>内幕<GÿdF4y2Ba/span>PRO<GÿdF4y2Baa class="ip-learnmore" href="https://www.idginsiderpro.com/subscribe">学到更多<GÿdF4y2Ba/a> </div> </div> <div class="mega-grp latest-insider"> <div class="mega-hed ss-directright right"> 最新<GÿdF4y2Baspan>内幕<GÿdF4y2Ba/span> </div> <ul> <li><a href="//m.banksfrench.com/article/3563766/the-10-fastest-supercomputers-are-led-by-one-28x-faster-than-the-rest.html">10台最快的超级计算机是由一个2.8倍为首快于其他<GÿdF4y2Ba/a></li> <li><a href="//m.banksfrench.com/article/3562348/how-to-backup-essential-data-but-not-the-garbage.html">如何备份基本数据而不是垃圾数据<GÿdF4y2Ba/a></li> <li><a href="https://www.cio.com/article/3561609/14-technology-winners-and-losers-post-covid-19.html">新冠肺炎疫情后，技术赢家和输家<GÿdF4y2Ba/a></li> <li><a href="//m.banksfrench.com/article/3561762/rackspace-rebrands-again-and-repositions-for-digital-transformation.html">Rackspace公司贴牌（再次），并重新定位为数字化改造<GÿdF4y2Ba/a></li> </ul> <div id="ip-below-personalize-list" class="mega-grp insider-controls"> <a class="nav-ip-dropdown" href="https://www.idginsiderpro.com/subscribe"> <div> <b><em>新<GÿdF4y2Ba/em></b>从IDG<GÿdF4y2Ba/div><span class="dropdownIPLogo"></span> <div> 学到更多<GÿdF4y2Ba/div></a> </div> </div> <div id="megacolumn1"></div> </div> <div class="mega-col"> <div id="megacolumn2"></div> </div> <div class="mega-col"> <div class="mega-grp ip-controls"> <span class="megamenuIPLogo"></span> <div class="mega-hed"> <b>新从IDG<GÿdF4y2Ba/b> </div> <span>在一个无广告的环境中，订阅访问专家对商业技术的见解。<GÿdF4y2Baa href="https://www.idginsiderpro.com/subscribe">学到更多<GÿdF4y2Ba/a></span> </div> <div class="mega-grp insider-controls"> <div class="mega-insider-icons"> <a class="insider" href="//m.banksfrench.com/about/learn-about-insider.html"></a> <i class="far fa-user"></i> </div> <div class="personalization"> <strong>欢迎<GÿdF4y2Baspan id="person-first-name"></span>!<GÿdF4y2Ba/strong>查看最新内幕故事<GÿdF4y2Baa href="//m.banksfrench.com/insider" class="edition-link-url">这里。<GÿdF4y2Ba/a> </div> <a class="sign-out-link" href="javascript://" onclick="IDG.insiderReg.logout()">签署了<GÿdF4y2Ba/a> <div class="signin-register"> <a href="javascript://" onclick="IDG.insiderReg.registerLinkEvent('insider-reg-signin')" class="js-open-modal signin" data-modal-id="insider-popup">登入<GÿdF4y2Ba/a> <a href="javascript://" onclick="IDG.insiderReg.registerLinkEvent('insider-reg-form-short')" class="js-open-modal register" data-modal-id="insider-popup">寄存器<GÿdF4y2Ba/a> </div> </div> <div id="megacolumn3"></div> </div> <div class="mega-col"> <div class="mega-grp idg-network"> <div class="mega-hed ss-directright right"> 更多信息请见IDG网络<GÿdF4y2Ba/div> <div id="megacolumn4"></div> </div> </div> </div> </div> <div class="mega-footer"> <ul class="mega-about"> <li><a href="//m.banksfrench.com/about/about.html">关于我们<GÿdF4y2Ba/a><span class="bar">|<GÿdF4y2Ba/span></li> <li><a href="//m.banksfrench.com/about/contactus.html">联系<GÿdF4y2Ba/a><span class="bar">|<GÿdF4y2Ba/span></li> <li><a href="//m.banksfrench.com/about/privacy.html">隐私政策<GÿdF4y2Ba/a><span class="bar">|<GÿdF4y2Ba/span></li> <li><a href="//m.banksfrench.com/about/cookie-policy.html">Cookie政策<GÿdF4y2Ba/a><span class="bar">|<GÿdF4y2Ba/span></li> <li><a href="//m.banksfrench.com/about/member-preferences.html">成员的偏好<GÿdF4y2Ba/a><span class="bar">|<GÿdF4y2Ba/span></li> <li><a href="//m.banksfrench.com/about/contactus.html">广告<GÿdF4y2Ba/a><span class="bar">|<GÿdF4y2Ba/span></li> <li><a href="https://www.idg.com/work-here/" target="_blank" rel="nofollow">IDG的职业<GÿdF4y2Ba/a><span class="bar">|<GÿdF4y2Ba/span></li> <li><a href="//m.banksfrench.com/about/adchoices.html">广告选择<GÿdF4y2Ba/a><span class="bar">|<GÿdF4y2Ba/span></li> <li><a href="//m.banksfrench.com/about/affiliates.html">电子商务联系<GÿdF4y2Ba/a><span class="bar">|<GÿdF4y2Ba/span></li> <li><a href="//m.banksfrench.com/about/ccpa.html">加利福尼亚州：不卖我的个人信息<GÿdF4y2Ba/a><span class="bar">|<GÿdF4y2Ba/span></li> </ul> <ul class="mega-social"> <li>跟着我们<GÿdF4y2Ba/li> <li class="lkndn"><a class="social-media-li" href="http://www.linkedin.com/company/network-world" rel="nofollow" target="_blank"><i class="ss-icon ss-social-circle brand ss-linkedin"></i></a></li> <li><a class="social-media-tw" href="https://twitter.com/networkworld" rel="nofollow" target="_blank"><i class="ss-icon ss-social-circle ss-twitter"></i></a></li> <li><a class="social-media-fb" href="https://www.facebook.com/NetworkWorld/" rel="nofollow" target="_blank"><i class="ss-icon ss-social-circle brand ss-facebook"></i></a></li> </ul> </div> </div> <div class="mega-submenu"> <a href="" class="mega-mobile-nav ss-left"></a> <a href="" class="mega-close ss-delete"></a> <div class="submenu-contents"></div> </div> </nav> <style> #insider-popup.modal-box { display: none; position: absolute; z-index: 6100000; width: 100%; background: transparent; border-bottom: 0 none; border-radius: 0px; box-shadow: none; border: 0 none; top: 0; bottom: 0; left: 0; right: 0; margin: 0 auto; } @media only screen and ( min-width: 48em ) { #insider-popup.modal-box { width: 770px; } } @media only screen and ( min-width: 60.625em ) { #insider-popup.modal-box { width: 850px; } } </style> <div id="insider-popup" class="modal-box "> <div class="insider-modal-wrapper"> <div class="modal-header-title"> <div class="modal-banner-insider"> <span class="insider"></span> </div> <div class="modal-close close"> ×<GÿdF4y2Ba/div> </div> <div class="modal-body"></div> <div class="modal-footer"> <div class="modal-close close-btn"> 关闭<GÿdF4y2Ba/div> </div> </div> </div> <link rel="stylesheet" href="//m.banksfrench.com/www/css/content-ribbon.css?v=20200701112944">  <div id="page-wrapper" class="page-wrapper"> <div id="skinAdTarget"></div> <section role="main" itemscope itemtype="http://schema.org/Article"> <article itemscope itemtype="http://schema.org/Article">   <style> nav.breadcrumbs { visibility: hidden; } </style> <meta itemprop="keywords" content="networking, "> <header class="cat"> <nav class="breadcrumbs horiz"> <ul itemscope itemtype="http://data-vocabulary.org/Breadcrumb"> <li><a class="edition-link-url" href="//m.banksfrench.com/" itemprop="url"><span itemprop="title">家<GÿdF4y2Ba/span></a></li> <li><a class="edition-link-url primary-cat-url" href="//m.banksfrench.com/category/networking/" itemprop="url"><span class="primary-cat-name" itemprop="title">网络<GÿdF4y2Ba/span></a></li> </ul> </nav> <div class="category"></div> <h1 itemprop="headline">第二章:SSL VPN技术<GÿdF4y2Ba/h1> <section class="deck viewability"> <h3 itemprop="description">思科新闻<GÿdF4y2Ba/h3> </section> <div class="cat-social"> <div id="sharer" class="cat sidecar show"> <ul id="share-tool" class="expand"> <li class="sosh"><a data-socialsite="Facebook" href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fm.banksfrench.com%2Farticle%2F2268575%2Fchapter-2--ssl-vpn-technology.html" target="_blank"><img class="sidecar-icon" src="https://idge.staticworld.net/images/facebook.svg"></a></li> <li class="sosh"><a data-socialsite="Twitter" class="twit-hand" href="https://twitter.com/intent/tweet?url=https%3A%2F%2Fm.banksfrench.com%2Farticle%2F2268575%2Fchapter-2--ssl-vpn-technology.html&via=networkworld&text=Chapter+2%3A+SSL+VPN+Technology" target="_blank"><img class="sidecar-icon" src="https://idge.staticworld.net/images/twitter.svg"></a></li> <li class="sosh"><a data-socialsite="Linkedin" href="http://www.linkedin.com/shareArticle?url=https%3A%2F%2Fm.banksfrench.com%2Farticle%2F2268575%2Fchapter-2--ssl-vpn-technology.html&title=Chapter+2%3A+SSL+VPN+Technology" target="_blank"><img class="sidecar-icon" src="https://idge.staticworld.net/images/linkedin.svg"></a></li> <li class="sosh hide"><a data-socialsite="Reddit" href="http://reddit.com/submit?url=https%3A%2F%2Fm.banksfrench.com%2Farticle%2F2268575%2Fchapter-2--ssl-vpn-technology.html&title=Chapter+2%3A+SSL+VPN+Technology" target="_blank"><img class="sidecar-icon" src="https://idge.staticworld.net/images/reddit.svg"></a></li> <li class="sosh hide"><a href="mailto:?Subject=Chapter 2: SSL VPN Technology&Body=Check%20out%20this%20article%20from%20Network World%3A%20https%3A%2F%2Fm.banksfrench.com%2Farticle%2F2268575%2Fchapter-2--ssl-vpn-technology.html" target="_blank" rel="nofollow" id="email-icon"><img class="sidecar-icon" src="https://idge.staticworld.net/images/mail.svg"></a></li> <li class="sosh hide print"><a href="javascript:window.print();"><img class="sidecar-icon" src="https://idge.staticworld.net/images/print.svg"></a></li> <li class="more"> <div class="more-icon" onclick="document.getElementById('share-tool').className = 'expand';"></div></li> </ul> </div> </div> <div class="cat byline vcard author "> <div class="byline-wrapper"> <p class="name" itemscope itemtype="http://schema.org/Person" itemprop="author"><span class="by">通过<GÿdF4y2Ba/span><span class="fn" itemprop="name">黄强和杰西布·弗拉希姆<GÿdF4y2Ba/span></p> <p class="dateline"><span itemprop="publisher" itemscope itemtype="http://schema.org/Organization"><span class="publisher" itemprop="name">足球竞猜app软件</span> <meta itemprop="url" content="//m.banksfrench.com"> <meta itemprop="logo" content="https://idge.staticworld.net/nww/nww_logo_300x300.png"></span><span class="divider">|<GÿdF4y2Ba/span><span class="pub-date" itemprop="datePublished" content="2008-10-22T01:00-0700"><span class="format-date"></span></span></p> </div> </div> <div class="ad viewability" id="viewabilityAdContainer"> <div id="viewabilityAdUnit"> <div id="topleaderboard" class=" ad-container test"></div> </div> </div> </header> <div class="constrain-970"> <div class="lede-container"></div> <section class="epo cat-narrow" id="drr-top-ad"> <div class="ad top-ad"> <div id="topimu" class="adunit ad-container test"></div> </div> </section> </div> <div class="constrain-970"></div> <section class="bodee"> <style> #drr-container figure.large.video { border-bottom: 0 none; } figure#page-lede.thm-gallery #bcplayer-gallery #bcplayer-gallery_ad > div { width: 100%; height: 100%; transition: all 0.5s ease; } </style> <style> .jwplayer.jw-state-paused .jw-display { display: table !important; padding: 0; } .jwplayer .jw-display-icon-container { float: none; padding: 0; margin: 0; } .jw-flag-small-player .jw-display { padding-top: 0px; } .jwplayer .jw-display-icon-container .jw-icon-rewind { visibility: hidden; } .jwplayer .jw-display-icon-container .jw-icon-next { visibility: hidden; } .jwplayer .jw-display-icon-container .jw-icon-display .jw-svg-icon-play path, .jw-state-idle .jw-svg-icon-play path, .jwplayer .jw-display-icon-container .jw-icon-display .jw-svg-icon-replay path, .jw-state-complete .jw-svg-icon-replay path { display: none; } .jwplayer .jw-display-icon-container .jw-icon-display .jw-svg-icon-play, .jw-state-idle .jw-svg-icon-play, .jwplayer .jw-display-icon-container .jw-icon-display .jw-svg-icon-replay, .jw-state-complete .jw-svg-icon-replay { background-size: contain; background-repeat: no-repeat; background-color: transparent; background-image: url(//idge.staticworld.net/idgtv/btn-play-default.svg); background-position: center center; bottom: 0; border-radius: 0; box-shadow: none; left: 0; margin: auto; right: 0; top: 0; } .jwplayer .jw-display-icon-container .jw-icon, .jwplayer .jw-display-icon-container .jw-icon-display .jw-svg-icon-play, .jw-state-idle .jw-svg-icon-play, .jwplayer .jw-display-icon-container .jw-icon-display .jw-svg-icon-replay, .jw-state-complete .jw-svg-icon-replay { height: 81px; width: 78px; } </style> <div class="ad placement">  <div id="inread" class=" ad-container"></div>  </div> <div id="drr-container" class="cat no-primary-image" itemprop="articleBody"> <p>由于安全套接字层（SSL）虚拟专用网（VPN）技术的日益成熟，并迅速被部署在最近几年，它已经获得了网络的关注和IT管理员谁正在寻找远程访问VPN解决方案，提供无所不在的接入和低成本的部署和管理。目前，SSL VPN技术不存在任何官方的标准;不同的供应商使用不同的实现。本章将在SSL VPN技术的发展密切关注，以帮助您了解这种技术是如何工作的。<GÿdF4y2Ba/p> <h2>SSL VPN的加密积木<GÿdF4y2Ba/h2> <p>VPN在公共网络上传输私有流量。一个安全的VPN需要满足以下基本要求:<GÿdF4y2Ba/p> <ul> <li><p><strong>认证<GÿdF4y2Ba/strong>保证VPN实体与目标方通信。身份验证可以应用于VPN设备或VPN用户。例如，在远程访问VPN中，VPN前端设备可以对用户PC进行身份验证，以确保它确实是拥有它用来连接到集中器的IP地址的PC。集中器还可以对使用PC的最终用户进行身份验证，以便根据用户的信息正确分配用户权限。<GÿdF4y2Ba/p></li> <li><p><strong>保密<GÿdF4y2Ba/strong>通过对数据进行加密来确保数据的隐私性。<GÿdF4y2Ba/p></li> <li><p><strong>消息完整性<GÿdF4y2Ba/strong>保证数据的内容在传输期间没有被修改。<GÿdF4y2Ba/p></li> </ul> <p>下面几节将研究如何通过使用各种密码算法来满足这些需求。熟悉这些加密算法的读者可以跳过这些部分，直接转到SSL部分。<GÿdF4y2Ba/p> <div id="editorialfakesidebardiv" class="fakesidebar fakesidebar-auto"></div> <h2>散列和消息完整性认证<GÿdF4y2Ba/h2> <p>以下各节描述散列及其在密码学中的使用。<GÿdF4y2Ba/p> <h4>哈希<GÿdF4y2Ba/h4> <p>散列发挥确保了发送信息的完整性，安全体系中的重要作用。散列算法的可变长度的文本字段转换成固定大小的字符串。哈希在安全系统中使用的算法有以下两种属性：<GÿdF4y2Ba/p> <ul> <li><p><strong>单向散列机制：<GÿdF4y2Ba/strong>这意味着，给定的散列输出，它是难以转化散列函数来获取原始邮件。<GÿdF4y2Ba/p></li> <li><p><strong>无碰撞输出:<GÿdF4y2Ba/strong>这意味着，对于一个散列算法，计算上不可能找到具有相同的哈希输出的任何两个消息。<GÿdF4y2Ba/p></li> </ul> <p>由于这些特性，散列也被称为消息摘要或数字指纹。人们能在一个大文档输出小散和使用哈希输出文档的数字指纹。然后，该数字指纹可用于确保该消息没有被其传输通过不安全信道期间篡改。此外，从数字指纹，这是不可能揭示原始邮件的内容。<GÿdF4y2Ba/p> <aside class="nativo-promo nativo-promo-1 smartphone" id=""></aside> <p>截至目前，最常用的密码散列算法已经被消息摘要算法5（MD5）和安全散列算法1（SHA-1）。这两个都被认为是单向和强无碰撞散列算法。MD5提供128位输出，和SHA-1提供160位的输出。由于其尺寸较大，SHA-1通常被认为是更安全的，但在计算上更昂贵，比MD5。随着硬件和软件实现在当今的网络，性能差异通常不是一个问题。因此，SHA-1是一种用于在VPN部署使用的优选的散列算法。<GÿdF4y2Ba/p> <h4>消息认证码<GÿdF4y2Ba/h4> <p>消息认证码（MAC）是用于确保传输过程中消息的完整性的加密校验和。以产生MAC，则可以使用的加密算法，如数据加密标准（DES），或散列算法。散列通常比加密算法快很多，所以基于散列的MAC（HMAC）是最流行的方法。HMAC是一个加密散列函数。下面是如何工作的：为了生成消息M的HMAC，需要选择两个系统参数，散列函数H（通常MD5或SHA-1），并计算消息的K的HMAC密钥如下：<GÿdF4y2Ba/p> <aside class="nativo-promo nativo-promo-1 tablet desktop" id=""></aside> <blockquote> <p>HMAC（K，M）= H（K XOR OPAD，H（K XOR ipad的，M））<GÿdF4y2Ba/p> </blockquote> <p>其中OPAD是字符串0X5c和ipad是字符串0x36。<GÿdF4y2Ba/p> <p>在密码系统，K用这里的关键在两个节点之间的密钥协商和建立过程正常产生。请注意，这两个级别的散列使一个HMAC功能不是简单的加密哈希函数安全得多。<GÿdF4y2Ba/p> <p><a href="http://images.techhive.com/images/idge/imported/article/nww/2008/10/02fig01-100277993-orig.jpg">图2 - 1<GÿdF4y2Ba/a>示出了HMAC消息的发送者和接收者之间如何功能。<GÿdF4y2Ba/p> <p><a href="http://images.techhive.com/images/idge/imported/article/nww/2008/10/02fig01-100277993-orig.jpg"><img alt="" height="54" width="100" data-original="https://images.techhive.com/images/idge/imported/article/nww/2008/10/th02fig01-100277981-orig.jpg" class="lazy" loading="lazy"></a></p> <aside class="nativo-promo nativo-promo-2 tablet desktop smartphone" id=""></aside> <p><a href="http://images.techhive.com/images/idge/imported/article/nww/2008/10/02fig01-100277993-orig.jpg"><strong>图2 - 1<GÿdF4y2Ba/strong></a></p> <p>HMAC<GÿdF4y2Ba/p> <blockquote> <hr> <p><b>MD5和SHA-1的安全性<GÿdF4y2Ba/b>由一群中国密码专家，其中包括王小云的最近进行的研究表明，MD5和SHA-1是不是免费的碰撞，和算法已经发展到找出碰撞不是使用蛮力更快。例如，SHA-1具有160比特的输出，因此，如果散列2<GÿdF4y2Basup>80<GÿdF4y2Ba/sup>随机的消息，你会发现一对具有相同的散列输出消息。三名中国密码学家证明，他们可以找到在碰撞SHA-1与2<GÿdF4y2Basup>69<GÿdF4y2Ba/sup>操作，这比使用蛮力快2000倍。<GÿdF4y2Ba/p> <p>Bruce Schneier在他的网络博客(<GÿdF4y2Baa href="http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html" target="_blank" rel="nofollow">http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html<GÿdF4y2Ba/a>）和由Eric Rescorla在<GÿdF4y2Baa href="http://www.rtfm.com/movabletype/archives/2004_08.html" target="_blank" rel="nofollow">http://www.rtfm.com/movabletype/archives/2004_08.html#001059<GÿdF4y2Ba/a>。<GÿdF4y2Ba/p> <p>这里是一个简短的总结：<GÿdF4y2Ba/p> <ul> <li><p>攻击威胁通过散列算法的数字证书提供的不可否认性属性。<GÿdF4y2Ba/p></li> <li><p>据认为，HMAC仍然对这种攻击是安全的。<GÿdF4y2Ba/p></li> <li><p>目前的攻击是可行的以目前的技术远边缘。<GÿdF4y2Ba/p></li> </ul> <p>这些研究结果推动行业向着开发更安全散列算法，比如SHA-256或其它加密方法。对SHA-2的更多细节，可以发现<GÿdF4y2Baa href="http://en.wikipedia.org/wiki/SHA-2" target="_blank" rel="nofollow">http://en.wikipedia.org/wiki/SHA-2<GÿdF4y2Ba/a>。<GÿdF4y2Ba/p> <hr> </blockquote> <h2>加密<GÿdF4y2Ba/h2> <p>加密算法转移明文到密文。从哈希不同，加密算法需要加密和解密密钥。两种主要类型的加密算法存在：<GÿdF4y2Ba/p> <ul> <li><p><strong>对称加密：<GÿdF4y2Ba/strong>使用加密和解密相同的密钥。它也被称为密钥加密。对称算法一般用于将消息的内容进行加密。主要有两种类型的对称加密算法有：<GÿdF4y2Ba/p><p>- 流密码，诸如RC4<GÿdF4y2Ba/p><p>- 分组密码，诸如DES，三重DES（3DES）和高级加密标准（AES）<GÿdF4y2Ba/p></li> <li><p><strong>非对称加密：<GÿdF4y2Ba/strong>使用加密和解密不同的密钥。非对称加密也被称为公钥加密。非对称加密系统由两个计算相关联的键。一，为公众所知的领域，被称为公钥;另一种是只知道密钥对的拥有者。根据使用的公钥和私钥对，非对称算法可用于加密或认证的目的。<GÿdF4y2Baa href="http://images.techhive.com/images/idge/imported/article/nww/2008/10/02fig02-100277994-orig.jpg">图2 - 2<GÿdF4y2Ba/a>示出的非对称算法的使用。考虑Alice和Bob，谁想要使用非对称算法进行安全通信的例子。对于加密的目的，爱丽丝会使用加密Bob的公钥的消息，并发送密文给Bob。一旦接收到密文，鲍勃，谁是对应私钥的唯一所有者，那么可以解密使用自己的私钥对消息。认证的目的，爱丽丝会加密（或签名）用她的消息自己的私有密钥。然后，其他人如Bob可以用Alice的公钥，这是签名私有密钥相匹配的唯一密钥验证消息的真实性。在现实世界中使用的加密系统非对称算法涉及到其他组件。我们在接下来的几节讨论。<GÿdF4y2Ba/p></li> </ul> <p>因为对称算法快得多比非对称算法，数字证书或密钥管理更常用为比非对称算法的数据加密。的非对称算法的流行的例子是迪菲 - 赫尔曼（DH）的算法和的Rivest，Shamir和Adelman（RSA）。<GÿdF4y2Ba/p> <p><a href="http://images.techhive.com/images/idge/imported/article/nww/2008/10/02fig02-100277994-orig.jpg"><img alt="" height="77" width="100" data-original="https://images.techhive.com/images/idge/imported/article/nww/2008/10/th02fig02-100277982-orig.jpg" class="lazy" loading="lazy"></a></p> <p><a href="http://images.techhive.com/images/idge/imported/article/nww/2008/10/02fig02-100277994-orig.jpg"><strong>图2 - 2<GÿdF4y2Ba/strong></a></p> <p>非对称算法的应用<GÿdF4y2Ba/p> <h4>RC4<GÿdF4y2Ba/h4> <p>RC4是Ron Rivest在1987年为RSA安全设计的，是目前应用最广泛的流密码。由于其速度和简单性，RC4已被部署在许多应用程序中，如SSL协议和有线等效隐私(WEP)协议，它们被用于保护无线网络流量。<GÿdF4y2Ba/p> <p>作为一种流密码，RC4对明文数据进行加密，每次加密一个，方法是用明文对密钥流进行XORing with the keystream。通过伪随机数生成器传递加密密钥和初始化向量(IV)来生成密钥流。<GÿdF4y2Ba/p> <p>对于SSL，大多数web浏览器支持使用两种不同密钥大小的RC4加密:RC4-40bit和RC4-128bit。较新的浏览器，如Internet Explorer 7.0和Firefox，已经开始支持更强的密码，如AES。<GÿdF4y2Ba/p> <h4>DES和3 DES<GÿdF4y2Ba/h4> <p>数据加密标准（DES）是迄今为止最广泛使用的对称加密算法。DES是一个64比特块密码的是一个8字节的数据块上的工作原理。输出密码块具有相同的8字节的长度。在解密侧，相同的算法进行反向施加有相同的密钥。由于具有奇偶校验位的要求，DES的有效密钥强度为56位。<GÿdF4y2Ba/p> <p>为了加密超过DES块大小的消息，使用某种操作模式对各个密码块进行链接。操作方式多种多样，如电子密码本(ECB)、密码块链接(CBC)等。CBC模式是商业实现中常用的操作模式。在CBC模式下，密文的每个块都与下一个要加密的明文块同步，从而使所有的块都依赖于前一个块。第一个数据块是IV。CBC模式比ECB模式增加了更多的安全性，因为它额外的XOR步骤。<GÿdF4y2Ba/p> <p>自20世纪70年代设计由IBM，DES算法已扣缴积极的密码分析在过去几年。然而，它的56位密钥长度太短，它已经成为了疲软与消费级系统的迅速增加计算能力的岁月。<GÿdF4y2Ba/p> <p>3DES解决了DES密钥长度不足的问题。3DES使用三组密钥执行DES三次，密钥长度为168位。要执行3DES，常用的操作是加密-解密-加密(EDE)。也就是说，DES使用密钥1加密消息，使用密钥2解密消息，最后使用密钥3加密消息。<GÿdF4y2Ba/p> <p>AES是用于SSL V3和传输层安全（TLS）加密选项之一。<GÿdF4y2Ba/p> <h4>AES<GÿdF4y2Ba/h4> <p>要更换老化的DES标准，在1997年走出叫来几个候选人如MARS，Twofish的，蛇，Rijndael算法和RC6，Rijndael算法为提交的高级加密标准（AES）的国家标准与技术研究院（NIST）国家研究所被选择作为最终标准。<GÿdF4y2Ba/p> <p>AES也是一个块密码，一个128位的数据块上的工作，并具有128，192和256位的密钥大小。关于AES的更多信息，可以发现：<GÿdF4y2Baa href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard" target="_blank" rel="nofollow">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard<GÿdF4y2Ba/a>。<GÿdF4y2Ba/p> <p>作为一种新的联邦标准，与3DES相比，AES的计算强度更小，加密能力更强，AES已迅速添加到供应商的实现中，并部署在VPN网络中。目前，许多厂商也支持AES硬件加速。AES是SSL v3和TLS的密码选项之一。<GÿdF4y2Ba/p> <h4>的Diffie-Hellman<GÿdF4y2Ba/h4> <p>1976年发布的Diffie-Hellman (DH)是第一个公开密钥算法。Diffie-Hellman是一个关键协议，使通信各方在没有任何已知秘密的情况下就共享秘密达成一致。Diffie-Hellman通常用于密钥交换和VPN隧道的建立阶段。Diffie-Hellman算法的工作原理如下:<GÿdF4y2Ba/p> <ol> <li><p>通信各方同意两个系统参数:一个大素数<GÿdF4y2Baem>p<GÿdF4y2Ba/em>和发电机<GÿdF4y2Baem>G<GÿdF4y2Ba/em>。它们被选择为任意值<GÿdF4y2Baem>V<GÿdF4y2Ba/em><<GÿdF4y2Baem>p<GÿdF4y2Ba/em>，存在一个值<GÿdF4y2Baem>w ^<GÿdF4y2Ba/em>这<GÿdF4y2Baem>G<GÿdF4y2Basup>w ^<GÿdF4y2Ba/sup></em>国防部<GÿdF4y2Baem>p<GÿdF4y2Ba/em>=<GÿdF4y2Baem>V<GÿdF4y2Ba/em>。这个需求,<GÿdF4y2Baem>G<GÿdF4y2Ba/em>可以用来生成从1到?的所有数字<GÿdF4y2Baem>p<GÿdF4y2Ba/em>1。<GÿdF4y2Ba/p></li> <li><p>每个通信方，说X和Y，生成私钥，<GÿdF4y2Baem>X<GÿdF4y2Ba/em>和<GÿdF4y2Baem>ÿ<GÿdF4y2Ba/em>，其中的每一个小于一个随机数<GÿdF4y2Baem>p<GÿdF4y2Ba/em>。计算相应的公钥X<GÿdF4y2Basub><em>X<GÿdF4y2Ba/em></sub>和Y<GÿdF4y2Basub><em>ÿ<GÿdF4y2Ba/em></sub>，采用以下公式:<GÿdF4y2Ba/p><p>- 党的X公共密钥：X<GÿdF4y2Basub><em>X<GÿdF4y2Ba/em></sub>=<GÿdF4y2Baem>G<GÿdF4y2Basup>X<GÿdF4y2Ba/sup></em>国防部<GÿdF4y2Baem>p<GÿdF4y2Ba/em></p><p>- 党Ÿ公钥：Y<GÿdF4y2Basub><em>ÿ<GÿdF4y2Ba/em></sub>=<GÿdF4y2Baem>G<GÿdF4y2Basup>ÿ<GÿdF4y2Ba/sup></em>国防部<GÿdF4y2Baem>p<GÿdF4y2Ba/em></p></li> <li><p>在通信双方交换然后通过不安全的通道公钥。一旦接收到对方的DH公钥，每一方使用下列公式计算共享密钥（SS）：<GÿdF4y2Ba/p><p>党的X：SS =（Y<GÿdF4y2Basub><em>ÿ<GÿdF4y2Ba/em></sub>)<GÿdF4y2Baem><sup>X<GÿdF4y2Ba/sup></em>国防部<GÿdF4y2Baem>p<GÿdF4y2Ba/em>=<GÿdF4y2Baem>G<GÿdF4y2Basup>yx<GÿdF4y2Ba/sup></em>国防部<GÿdF4y2Baem>p<GÿdF4y2Ba/em></p><p>党Y：SS =（X<GÿdF4y2Basub><em>X<GÿdF4y2Ba/em></sub>)<GÿdF4y2Baem><sup>ÿ<GÿdF4y2Ba/sup></em>国防部<GÿdF4y2Baem>p<GÿdF4y2Ba/em>=<GÿdF4y2Baem>G<GÿdF4y2Basup>xy<GÿdF4y2Ba/sup></em>国防部<GÿdF4y2Baem>p<GÿdF4y2Ba/em></p></li> </ol> <p>双方都有一个共同的秘密。<GÿdF4y2Ba/p> <p>卫生署双方必须共享系统参数<GÿdF4y2Baem>p<GÿdF4y2Ba/em>和<GÿdF4y2Baem>G<GÿdF4y2Ba/em>，称为DH群参数。以下是几个常见的DH与不同的组<GÿdF4y2Baem>p<GÿdF4y2Ba/em>:<GÿdF4y2Ba/p> <ul> <li><p>组1：768位模数<GÿdF4y2Ba/p></li> <li><p>第2组：1024位模数<GÿdF4y2Ba/p></li> <li><p>组5:1536钻头模数<GÿdF4y2Ba/p></li> </ul> <p>请注意，在DH公开密钥交换过程中，没有任何身份验证过程的定义。这确保了通信双方都可以从预期的接受方的权利公钥。因此，DH是容易受到中间人攻击，其中攻击者可以截取该通信信道和欺骗通信各方的身份，以执行与分别一方X和Y，DH交换。因此，攻击者建立与X和Y两个共享秘密分开，并且可以使用这些共享秘密由DH秘密保护的两个通信方之间截距进一步的通信。通过鉴定的DH交换缓解此漏洞。<GÿdF4y2Ba/p> </div> <div class="apart-alt tags"> <span class="related">相关:<GÿdF4y2Ba/span> <ul> <li><a class="edition-link-url primary-cat-url2" href="//m.banksfrench.com/category/networking"><span class="primary-cat-name2">网络<GÿdF4y2Ba/span></a></li> </ul> </div> <section class="pagination"> <span class="page-numbers"><a href="//m.banksfrench.com/article/2268575/chapter-2--ssl-vpn-technology.html" class="page-link current">1<GÿdF4y2Ba/a><a href="//m.banksfrench.com/article/2268575/chapter-2--ssl-vpn-technology.html?page=2" class="page-link ">2<GÿdF4y2Ba/a><a href="//m.banksfrench.com/article/2268575/chapter-2--ssl-vpn-technology.html?page=3" class="page-link ">3.<GÿdF4y2Ba/a><a href="//m.banksfrench.com/article/2268575/chapter-2--ssl-vpn-technology.html?page=4" class="page-link ">4<GÿdF4y2Ba/a><a href="//m.banksfrench.com/article/2268575/chapter-2--ssl-vpn-technology.html?page=5" class="page-link ">5<GÿdF4y2Ba/a><a href="//m.banksfrench.com/article/2268575/chapter-2--ssl-vpn-technology.html?page=6" class="page-link ">6<GÿdF4y2Ba/a><a href="//m.banksfrench.com/article/2268575/chapter-2--ssl-vpn-technology.html?page=7" class="page-link ">7<GÿdF4y2Ba/a></span> <span class="current-page">第1页<GÿdF4y2Ba/span> <a href="//m.banksfrench.com/article/2268575/chapter-2--ssl-vpn-technology.html?page=2" class="page-link next" rel="next">下一个<GÿdF4y2Bai class="ss-icon ss-navigateright"></i></a> </section> <div class="mobile-page-nav"> <div id="article-top-page-number"> 第1页共7页<GÿdF4y2Ba/div> <a href="//m.banksfrench.com/article/2268575/chapter-2--ssl-vpn-technology.html?page=2" class="page-link next" rel="next"><i class="ss-icon ss-navigateright"></i></a> </div>  <div class="article-intercept"> <a href="https://www.idginsiderpro.com/article/3526496/it-salary-survey-2020-the-results-are-in.html"><i class="ss-icon ss-navigateright"></i><em>IT薪资调查：<GÿdF4y2Ba/em>结果在<GÿdF4y2Ba/a> </div> <style> @media only screen and (min-width: 60.625em) { article .apart.ad.not-lazy { margin-left: 0; float: right; } } /* this spaces the ads in the right rail */ @media only screen and ( min-width: 48em ) { article #drr-top-ad.epo.cat-narrow #imu2 { margin-top: 390px; /*originally 354px*/ } .topDeals.topper { margin-top: 390px; } } @media only screen and ( min-width: 48em ) and ( max-width: 58.063em ) { article #drr-top-ad.epo.cat-narrow #imu2 { margin-top: 0; } } @media only screen and ( min-width: 60.625em ) { article #drr-top-ad.epo.cat-narrow #imu2 { margin-top: 390px; /*originally 354px*/ } .topDeals.topper { margin-top: 390px; } } @media only screen and ( min-width: 48em ) { article #drr-top-ad.epo.cat-narrow div[id^=imu] { margin-top: 390px; } } @media only screen and ( min-width: 48em ) and ( max-width: 58.063em ) { article #drr-top-ad.epo.cat-narrow div[id^=imu] { margin-top: 0; } } @media only screen and ( min-width: 60.625em ) { article #drr-top-ad.epo.cat-narrow div[id^=imu] { margin-top: 390px; } } </style> </section>  <div id="content-recommender"> <div class="OUTBRAIN" data-widget-id="AR_1" data-ob-template="NetworkWorld"></div> </div> <div class="lazyload_ad"> <code type="text/javascript"> </code> </div> <link rel="stylesheet" href="//m.banksfrench.com/www.idgcsmb/css/tso-links.css?v=20200701112944"> <div id="tso-wrapper"> <div id="tso" style="display:none"></div> </div> </article> </section>  </div>  <link rel="stylesheet" href="//m.banksfrench.com/www.idge/css/foot.css?v=20200701112944"> <link rel="stylesheet" href="//m.banksfrench.com/www.idge.nww/css/foot.css?v=20200701112944"> <footer> <section class="brand" itemscope itemtype="http://schema.org/Organization"> <a href="//m.banksfrench.com/"><span class="logo">足球竞猜app软件</span></a> <span class="tagline"></span> <span class="follow"><label>关注我们<GÿdF4y2Ba/label> <ul> <li class="lnkdn"><a class="social-media-li-foot" href="http://www.linkedin.com/company/network-world" itemprop="sameAs" rel="nofollow" target="_blank" onclick="brandFollowTrack('LinkedIn')"><i class="ss-icon ss-social-circle brand ss-linkedin"></i></a></li> <li><a class="social-media-tw-foot" href="https://twitter.com/networkworld" itemprop="sameAs" rel="nofollow" target="_blank" onclick="brandFollowTrack('Twitter')"><i class="ss-icon ss-social-circle ss-twitter"></i></a></li> <li><a class="social-media-fb-foot" href="https://www.facebook.com/NetworkWorld/" itemprop="sameAs" rel="nofollow" target="_blank" onclick="brandFollowTrack('Facebook')"><i class="ss-icon ss-social-circle brand ss-facebook"></i></a></li> </ul></span> </section> <section class="topics"></section> <section class="about"> <div class="wrapper"> <nav class="tertiary" id="ft3"> <ul> <li><a class="edition-link-url" href="//m.banksfrench.com/about/about.html">关于我们<GÿdF4y2Ba/a></li> <li><a class="edition-link-url" href="//m.banksfrench.com/about/contactus.html">联系<GÿdF4y2Ba/a></li> <li><a class="edition-link-url" href="//m.banksfrench.com/about/privacy.html">隐私政策<GÿdF4y2Ba/a></li> <li><a class="edition-link-url" href="//m.banksfrench.com/about/cookie-policy.html">Cookie政策<GÿdF4y2Ba/a></li> <li><a class="edition-link-url" href="//m.banksfrench.com/about/member-preferences.html">成员的偏好<GÿdF4y2Ba/a></li> <li><a class="edition-link-url" href="//m.banksfrench.com/about/contactus.html">广告<GÿdF4y2Ba/a></li> <li><a class="edition-link-url" href="https://www.idg.com/work-here/" target="_blank" rel="nofollow">IDG的职业<GÿdF4y2Ba/a></li> <li><a class="edition-link-url" href="//m.banksfrench.com/about/adchoices.html">广告选择<GÿdF4y2Ba/a></li> <li><a class="edition-link-url" href="//m.banksfrench.com/about/affiliates.html">电子商务联系<GÿdF4y2Ba/a></li> <li><a class="edition-link-url" href="//m.banksfrench.com/about/ccpa.html">加利福尼亚州：不卖我的个人信息<GÿdF4y2Ba/a></li> </ul> </nav> </div> </section> <section class="copyright"> <div class="wrapper"> <img src="https://alt.idgesg.net/images/logos/logo-footer-black.png" alt="IDG通信GÿdF4y2Ba"> <p><a href="//m.banksfrench.com/about/copyright.html">版权<GÿdF4y2Ba/a>©2020<GÿdF4y2Baspan class="bu">足球竞彩网下载</span></p> <div class="network"> <div id="network-selector"> <div class="label"> 探索IDG网络<GÿdF4y2Bai class="ss-icon tick">降序<GÿdF4y2Ba/i> </div> <ul> <li><a href="https://www.cio.com" target="_blank" rel="nofollow">CIO<GÿdF4y2Ba/a></li> <li><a href="https://www.computerworld.com" target="_blank" rel="nofollow">计算机世界<GÿdF4y2Ba/a></li> <li><a href="https://www.csoonline.com" target="_blank" rel="nofollow">CSO在线<GÿdF4y2Ba/a></li> <li><a href="https://www.infoworld.com" target="_blank" rel="nofollow">信息世界<GÿdF4y2Ba/a></li> <li><a href="//m.banksfrench.com" target="_blank" rel="nofollow">足球竞猜app软件</a></li> </ul> </div>  </div>  </div>  </section> </footer> <div id="mobilewelcomead" class=" ad-container test"></div> <div id="catfish" class=" ad-container test"></div>  <div id="gpt-skin" class=" ad-container"></div>     <noscript> <img src="https://sb.scorecardresearch.com/p?c1=2&c2=6035308&cv=2.0&cj=1"> </noscript>    <div id="loginModal"></div> <div id="logoffModal"></div> </body> </html>