{"id":4181,"date":"2020-10-30T20:17:36","date_gmt":"2020-10-30T19:17:36","guid":{"rendered":"https:\/\/webhosting.de\/perfect-forward-secrecy-zukunftssichere-verschluesselung-fuer-webseiten\/"},"modified":"2020-10-30T20:17:36","modified_gmt":"2020-10-30T19:17:36","slug":"idealne-szyfrowanie-stron-internetowych-w-trybie-przod-przyszlosc-zabezpieczenie-przyszlosc","status":"publish","type":"post","link":"https:\/\/webhosting.de\/pl\/perfect-forward-secrecy-zukunftssichere-verschluesselung-fuer-webseiten\/","title":{"rendered":"Perfect Forward Secrecy: future-proof encryption for websites"},"content":{"rendered":"<p>The revelations of whistleblower Edward Snowden showed that the NSA collects <a href=\"https:\/\/webhosting.de\/pl\/personenbezogene-daten-sozialen-netzwerken\/\">data<\/a> en masse. Although it cannot decrypt some of that information today, it may be able to in the future. Webmasters can protect themselves and their visitors today against decryption tomorrow.<\/p>\n<p>Edward Snowden showed the world that no data is safe from the intelligence services. They collect (just in case) all the information that comes their way. Some of this data is encrypted, for example by an HTTPS connection. This includes websites where sensitive data is transmitted, such as when buying a product, logging in to an e-mail account or using online banking. All of this data is intercepted, even though it is useless today. In a few years the intelligence services might be able to decrypt it.<\/p>\n<h2>The vulnerability of HTTPS<\/h2>\n<p>What exactly is Perfect Forward Secrecy, PFS for short? 
To explain the term, it is first necessary to explain how SSL encryption works, which is used on websites where sensitive data is transmitted.<\/p>\n<p>When you visit our <a href=\"https:\/\/webhosting.de\/pl\/eine-eigene-webseite-fuer-ihr-unternehmen-ja-oder-nein\/\">website<\/a> hoster.online, a small padlock is visible in the search bar of the web browser. Clicking the padlock opens information about the SSL certificate. A further click displays details about the <a href=\"https:\/\/webhosting.de\/pl\/plesk-letsencrypt-zertifikat-erstellen\/\">certificate<\/a>, including for example its expiry date.<\/p>\n<p>SSL certificates can be used by practically any website. They differ in<\/p>\n<p>- their encryption,<br \/>\n- whether they validate the domain or the identity, and<br \/>\n- how high their browser compatibility is.<\/p>\n<p>There are also three types of certificates:<\/p>\n<p>1. Single<br \/>\n2. Wildcard<br \/>\n3. Multi-domain<\/p>\n<p>An SSL certificate works as follows: the user browses to a website, for example hoster.online. The browser contacts the server, which presents a public key issued by a certificate authority. The browser checks the certificate authority's signature. If it is valid, the browser exchanges data with hoster.online. From then on all data is transmitted in encrypted form.<\/p>\n<h2>Perfect Forward Secrecy as protection against tomorrow's methods<\/h2>\n<p>In the encrypted transmission of an HTTPS session, the browser proposes a secret session key each time. 
The server confirms this key.<\/p>\n<p>The problem with this method is that intelligence services such as the NSA can record the transmission of the key. In the foreseeable future it may become possible to decrypt it. That would allow them to read all data transmitted to hoster.online.<\/p>\n<p>HTTPS has had problems in the past. The Heartbleed bug, which had exposed websites to serious security vulnerabilities since 2011, affected two out of three websites on the Internet. Heartbleed was a programming error in the OpenSSL software. It gave hackers who connected via HTTP to a server running a vulnerable version of OpenSSL access to 64 KB of private memory. The attack caused servers to leak cookies, passwords and e-mail addresses. Large services such as Yahoo Mail and LastPass were affected.<\/p>\n<p>The solution for such scenarios is Perfect Forward Secrecy: using the so-called Diffie-Hellman method, the two communication partners, in this case the web browser and the server, agree on a temporary session key. This key is never transmitted at any point. As soon as the session is closed, the key is destroyed.<\/p>\n<h2>PFS in practice and in the future<\/h2>\n<p>Unfortunately, there are two pieces of bad news:<\/p>\n<p>1. 
Only a few websites currently use PFS<br \/>\n2. All data exchanged so far can no longer be encrypted<\/p>\n<p>Nevertheless, websites should implement Perfect Forward Secrecy at least from now on, to ensure that no data can sooner or later be read despite encryption.<\/p>\n<p>Ivan Ristic of Security Labs recommends the following suites for implementing PFS:<\/p>\n<p>- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA<br \/>\n- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA<br \/>\n- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA<\/p>\n<p>Webmasters can test their website at ssllabs.com and then decide on appropriate measures.<\/p>\n<p>Once Perfect Forward Secrecy is implemented, services such as the NSA and the BND can read data only by means of \"man-in-the-middle\" attacks. In all other cases PFS will be a major thorn in the side of eavesdroppers.<\/p>","protected":false},"excerpt":{"rendered":"<p>The revelations of whistleblower Edward Snowden showed that the NSA collects data en masse. Although it cannot decrypt some of the information today, this might be possible in the future. Webmasters can protect themselves and their visitors today against decryption tomorrow. 
Edward Snowden showed the world that no data is safe from the intelligence services [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":503,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_crdt_document":"","inline_featured_image":false,"footnotes":""},"categories":[673,794],"tags":[186,187],"class_list":["post-4181","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computer_und_internet","category-sicherheit-computer_und_internet","tag-perfect-forward-secrecy","tag-pfs"],"acf":[],"_wp_attached_file":null,"_wp_attachment_metadata":null,"litespeed-optimize-size":null,"litespeed-optimize-set":null,"_elementor_source_image_hash":null,"_wp_attachment_image_alt":null,"stockpack_author_name":null,"stockpack_author_url":null,"stockpack_provider":null,"stockpack_image_url":null,"stockpack_license":null,"stockpack_license_url":null,"stockpack_modification":null,"color":null,"original_id":null,"original_url":null,"original_link":null,"unsplash_location":null,"unsplash_sponsor":null,"unsplash_exif":null,"unsplash_attachment_metadata":null,"_elementor_is_screenshot":null,"surfer_file_name":null,"surfer_file_original_url":null,"envato_tk_source_kit":null,"envato_tk_source_index":null,"envato_tk_manifest":null,"envato_tk_folder_name":null,"envato_tk_builder":null,"envato_elements_download_event":null,"_menu_item_type":null,"_menu_item_menu_item_parent":null,"_menu_item_object_id":null,"_menu_item_object":null,"_menu_item_target":null,"_menu_item_classes":null,"_menu_item_xfn":null,"_menu_item_url":null,"_trp_menu_languages":null,"rank_math_primary_category":null,"rank_math_title":null,"inline_featured_image":null,"_yoast_wpseo_primary_category":null,"rank_math_schema_blogposting":null,"rank_math_schema_videoobject":null,"_oembed_049c719bc4a9f89deaead66a7da9fddc":null,"_oembed_time_049c719bc4a9f89deaead66a7da9fddc":null,"_yoast_wpseo_focuskw":"","_yoast_wp
seo_linkdex":null,"_oembed_27e3473bf8bec795fbeb3a9d38489348":null,"_oembed_c3b0f6959478faf92a1f343d8f96b19e":null,"_trp_translated_slug_en_us":null,"_wp_desired_post_slug":null,"_yoast_wpseo_title":null,"tldname":null,"tldpreis":null,"tldrubrik":null,"tldpolicylink":null,"tldsize":null,"tldregistrierungsdauer":null,"tldtransfer":null,"tldwhoisprivacy":null,"tldregistrarchange":null,"tldregistrantchange":null,"tldwhoisupdate":null,"tldnameserverupdate":null,"tlddeletesofort":null,"tlddeleteexpire":null,"tldumlaute":null,"tldrestore":null,"tldsubcategory":null,"tldbildname":null,"tldbildurl":null,"tldclean":null,"tldcategory":null,"tldpolicy":null,"tldbesonderheiten":null,"tld_bedeutung":null,"_oembed_d167040d816d8f94c072940c8009f5f8":null,"_oembed_b0a0fa59ef14f8870da2c63f2027d064":null,"_oembed_4792fa4dfb2a8f09ab950a73b7f313ba":null,"_oembed_33ceb1fe54a8ab775d9410abf699878d":null,"_oembed_fd7014d14d919b45ec004937c0db9335":null,"_oembed_21a029d076783ec3e8042698c351bd7e":null,"_oembed_be5ea8a0c7b18e658f08cc571a909452":null,"_oembed_a9ca7a298b19f9b48ec5914e010294d2":null,"_oembed_f8db6b27d08a2bb1f920e7647808899a":null,"_oembed_168ebde5096e77d8a89326519af9e022":null,"_oembed_cdb76f1b345b42743edfe25481b6f98f":null,"_oembed_87b0613611ae54e86e8864265404b0a1":null,"_oembed_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_oembed_time_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_tldname":null,"_tldclean":null,"_tldpreis":null,"_tldcategory":null,"_tldsubcategory":null,"_tldpolicy":null,"_tldpolicylink":null,"_tldsize":null,"_tldregistrierungsdauer":null,"_tldtransfer":null,"_tldwhoisprivacy":null,"_tldregistrarchange":null,"_tldregistrantchange":null,"_tldwhoisupdate":null,"_tldnameserverupdate":null,"_tlddeletesofort":null,"_tlddeleteexpire":null,"_tldumlaute":null,"_tldrestore":null,"_tldbildname":null,"_tldbildurl":null,"_tld_bedeutung":null,"_tldbesonderheiten":null,"_oembed_ad96e4112edb9f8ffa35731d4098bc6b":null,"_oembed_8357e2b8a2575c74ed5978f262a10126":null,"_oembed_3d5fea5103dd0d2
2ec5d6a33eff7f863":null,"_eael_widget_elements":null,"_oembed_0d8a206f09633e3d62b95a15a4dd0487":null,"_oembed_time_0d8a206f09633e3d62b95a15a4dd0487":null,"_aioseo_description":null,"_eb_attr":null,"_eb_data_table":null,"_oembed_819a879e7da16dd629cfd15a97334c8a":null,"_oembed_time_819a879e7da16dd629cfd15a97334c8a":null,"_acf_changed":null,"_wpcode_auto_insert":null,"_edit_last":null,"_edit_lock":null,"_oembed_e7b913c6c84084ed9702cb4feb012ddd":null,"_oembed_bfde9e10f59a17b85fc8917fa7edf782":null,"_oembed_time_bfde9e10f59a17b85fc8917fa7edf782":null,"_oembed_03514b67990db061d7c4672de26dc514":null,"_oembed_time_03514b67990db061d7c4672de26dc514":null,"rank_math_news_sitemap_robots":"index","rank_math_robots":["index"],"_eael_post_view_count":"4613","_trp_automatically_translated_slug_ru_ru":null,"_trp_automatically_translated_slug_et":"perfect-forward-secrecy-future-proof-encryption-for-websites","_trp_automatically_translated_slug_lv":"perfekts-forward-secrecy-forward-forward-secrecy-future-proof-encryption-for-websites","_trp_automatically_translated_slug_fr_fr":null,"_trp_automatically_translated_slug_en_us":null,"_wp_old_slug":null,"_trp_automatically_translated_slug_da_dk":null,"_trp_automatically_translated_slug_pl_pl":null,"_trp_automatically_translated_slug_es_es":null,"_trp_automatically_translated_slug_hu_hu":null,"_trp_automatically_translated_slug_fi":"taeydellinen-ennakointisalaisuus-tulevaisuuden-varma-salaus-verkkosivustoille","_trp_automatically_translated_slug_ja":"%e3%82%a6%e3%82%a7%e3%83%96%e3%82%b5%e3%82%a4%e3%83%88%e3%81%ae%e3%81%9f%e3%82%81%e3%81%ae%e5%ae%8c%e5%85%a8%e3%81%aa%e5%89%8d%e6%96%b9%e7%a7%98%e5%af%86%e6%9c%aa%e6%9d%a5%e3%81%ae%e5%ae%89%e5%85%a8","_trp_automatically_translated_slug_lt_lt":null,"_elementor_edit_mode":null,"_elementor_template_type":null,"_elementor_version":null,"_elementor_pro_version":null,"_wp_page_template":"default","_elementor_page_settings":null,"_elementor_data":null,"_elementor_css":null,"_elementor_conditions":null
,"_happyaddons_elements_cache":null,"_oembed_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_time_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_3efb2c3e76a18143e7207993a2a6939a":null,"_oembed_time_3efb2c3e76a18143e7207993a2a6939a":null,"_oembed_59808117857ddf57e478a31d79f76e4d":null,"_oembed_time_59808117857ddf57e478a31d79f76e4d":null,"_oembed_965c5b49aa8d22ce37dfb3bde0268600":null,"_oembed_time_965c5b49aa8d22ce37dfb3bde0268600":null,"_oembed_81002f7ee3604f645db4ebcfd1912acf":null,"_oembed_time_81002f7ee3604f645db4ebcfd1912acf":null,"_elementor_screenshot":null,"_oembed_7ea3429961cf98fa85da9747683af827":null,"_oembed_time_7ea3429961cf98fa85da9747683af827":null,"_elementor_controls_usage":null,"_elementor_page_assets":[],"_elementor_screenshot_failed":null,"theplus_transient_widgets":["tp-video-player"],"_eael_custom_js":null,"_wp_old_date":null,"_trp_automatically_translated_slug_it_it":null,"_trp_automatically_translated_slug_pt_pt":null,"_trp_automatically_translated_slug_zh_cn":null,"_trp_automatically_translated_slug_nl_nl":null,"_trp_automatically_translated_slug_pt_br":null,"_trp_automatically_translated_slug_sv_se":null,"rank_math_analytic_object_id":"1021","rank_math_internal_links_processed":null,"_trp_automatically_translated_slug_ro_ro":null,"_trp_automatically_translated_slug_sk_sk":null,"_trp_automatically_translated_slug_bg_bg":null,"_trp_automatically_translated_slug_sl_si":null,"litespeed_vpi_list":["webhostinglogo.png"],"litespeed_vpi_list_mobile":["webhostinglogo.png"],"rank_math_seo_score":null,"rank_math_contentai_score":null,"ilj_limitincominglinks":null,"ilj_maxincominglinks":null,"ilj_limitoutgoinglinks":null,"ilj_maxoutgoinglinks":null,"ilj_limitlinksperparagraph":null,"ilj_linksperparagraph":null,"ilj_blacklistdefinition":null,"ilj_linkdefinition":["perfect forward secrecy: zukunftssichere verschl\u00fcsselung f\u00fcr 
webseiten"],"_eb_reusable_block_ids":[],"rank_math_focus_keyword":null,"rank_math_og_content_image":null,"_yoast_wpseo_metadesc":"","_yoast_wpseo_content_score":null,"_yoast_wpseo_focuskeywords":null,"_yoast_wpseo_keywordsynonyms":null,"_yoast_wpseo_estimated-reading-time-minutes":null,"rank_math_description":null,"surfer_last_post_update":null,"surfer_last_post_update_direction":null,"surfer_keywords":null,"surfer_location":null,"surfer_draft_id":null,"surfer_permalink_hash":null,"surfer_scrape_ready":null,"_thumbnail_id":"503","footnotes":null,"_links":{"self":[{"href":"https:\/\/webhosting.de\/pl\/wp-json\/wp\/v2\/posts\/4181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhosting.de\/pl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhosting.de\/pl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhosting.de\/pl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webhosting.de\/pl\/wp-json\/wp\/v2\/comments?post=4181"}],"version-history":[{"count":0,"href":"https:\/\/webhosting.de\/pl\/wp-json\/wp\/v2\/posts\/4181\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhosting.de\/pl\/wp-json\/wp\/v2\/media\/503"}],"wp:attachment":[{"href":"https:\/\/webhosting.de\/pl\/wp-json\/wp\/v2\/media?parent=4181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhosting.de\/pl\/wp-json\/wp\/v2\/categories?post=4181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhosting.de\/pl\/wp-json\/wp\/v2\/tags?post=4181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}