prada 發問時間: 社會與文化語言 · 7 年前

英文影片"翻譯"-關於不安全的加密存儲解釋

各位大大好,在下英文不太好

請求英文高手幫幫忙,翻譯影片中外國人說的英文

我想了解影片的內容,但是他並沒有字幕

只好拜託英文高手大大了

影片網址: http://www.youtube.com/watch?v=2Q8V4w6rkH4

Youtube thumbnail

1 個解答

評分
  • 7 年前
    最佳解答

    Insecure Cryptographic Storage isn’t a single vulnerability, but a collection of vulnerabilities that all have to do with making sure that your most important data is encrypted when it needs to be. This includes, but isn’t limited to things like, making sure you are encrypting the correct data, making sure you have proper key storage and management, making sure that you are not using known bad algorithms, making sure you are not implementing your own cryptography which may or may not be secure.

    不安全加密儲存並非單一安全問題,是關乎到你是否有按照安全需求,將你最重要的資料加密的一系列安全問題。 這包括(但不僅限於)你加密的是正確資料、你妥當保存控管解密的開鎖碼、你使用的不是不良的加密規則、以及你不可使用自己發明的加密方式,

    The impact of these flaws, when exploited, is usually quite high due to the fact that the information that is usually encrypted are very very important things like personally identifiable information, trade secrets, health care records, personal information, credit card numbers...... things of that nature.

    (略譯)這些安全漏洞影響極大,因為加密的資料通常都是很重要的,例如個人身份資料、商業機密、健康記錄、隱私資料、信用卡號碼等等。

    Modern cryptographic algorithms are extremely resilient and can take a lot of time to crack. The issue, though, is not with the algorithms being used. The issue is with the way they are being implemented to keep your data safe. Most attackers will go after how you are using the cryptography, not the actual cryptography itself.

    (略譯)現代加密規則不容易破解,不過問題不在使用的加密規則,是在於如何執行。多數駭客利用你使用加密不當來偷取,不是真正去破解你的加密。

    The ways to detect and fix cryptographic storage issues fall into two camps. On one side, you have flaws like improper key management or not encrypting the correct data. The way to fix these is to actually sit down, look at what the scope of your application is, look at internal business processes, and review ways to make sure that you are in fact following what the best practices are. On the other hand, issues like implementing your own insecure cryptography or using known insecure algorithms can be fixed by using a whole variety of security scanning tools.

    (略譯)發現解決加密儲存問題分為兩方面。一是解鎖碼控管不當,或是加密錯誤資料。

    2012-12-05 01:25:44 補充:

    (太長,其餘在意見欄)

    2012-12-05 01:26:00 補充:

    解決這個問題必須坐下來,看看你要做什麼,看看公司內部作業方式,檢討並且確定你確實使用最有效的作法。 另一方面的問題在於使用你自己發明的加密規則或已知根本不安全的加密規則。這種問題可以用各種安全掃描工具來解決。

還有問題?馬上發問,尋求解答。