支持自动生成端到端加密密码 #3790
Comments
Vanessa219
added a commit
to siyuan-note/appearance
that referenced
this issue
Jan 10, 2022
88250
added a commit
to siyuan-note/user-guide-zh_CN
that referenced
this issue
Jan 10, 2022
88250
added a commit
to siyuan-note/user-guide-en_US
that referenced
this issue
Jan 10, 2022
88250
added a commit
to siyuan-note/user-guide-zh_CHT
that referenced
this issue
Jan 10, 2022
88250
added a commit
to siyuan-note/appearance
that referenced
this issue
Jan 10, 2022
88250
added a commit
to siyuan-note/appearance
that referenced
this issue
Jan 10, 2022
|
看贴子说是支持云端托管,看这个issue应该是本地生成的 |
|
@aptexd 云端不保存的,而是基于 user id 通过一个 hash 算法在本地生成作为密码。 |
Vanessa219
added a commit
to siyuan-note/appearance
that referenced
this issue
Jan 10, 2022
88250
added a commit
to siyuan-note/appearance
that referenced
this issue
Jan 10, 2022
|
想问一句, user id 本地 hash 加盐了吧?不然云上不安全啊。我觉得D大肯定会想到这个,但还是想问一问。 |
|
如果本地加某种随机盐,在论坛里面那种情况只会更糟。如果不加,那么云端加密形同虚设(密码对云是开放的,如果hash算法也为人知,所有截获该数据流的第三方都能解密)。 |
|
@ProgramFan 不加盐,Hash 算法写死在程序里的。所以如果选择使用自动生成密码的方式,那么实际上开发者是可以在云端解密数据的。这个看用户自己选择吧,有的用户并不需要太高的安全性,但是需要便利性。 |
|
理解了。不开源的话,安全性还是有保障的,毕竟思源自己没有动力去解密用户数据。 |
|
@ProgramFan #5013 开源以后这个问题需要注意,主要是本地环境的安全性。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://ld246.com/article/1641732887291
在设置端到端加密密码前让用户选择:
自动生成的密码是根据 user id 生成的。
The text was updated successfully, but these errors were encountered: