Hacker News

Usashandise makiyi ekunyora encryption data yemushandisi

Comments

10 min read Via blog.timcappalli.me

Mewayz Team

Editorial Team

Hacker News

Passkeys ndiyo inonyanya kunakidza yechokwadi budiriro mumakore. Ivo vanobvisa phishing, vanobvisa mutoro wemapassword, uye vanounza isina musono yekupinda ruzivo inotsigirwa neruzhinji-kiyi cryptography. Asi pfungwa isiriyo ine njodzi iri kupararira kuburikidza nenharaunda dzevagadziri: kana passkeys ari cryptographic, zvirokwazvo vanogona encrypt data yemushandisi zvakare. Ivo havagone - uye kuyedza kuvashandisa nenzira iyoyo kuchagadzira brittle, isina kuvimbika masisitimu ayo anogona kuvhara vashandisi vako kubva kune yavo ruzivo zvachose. Kunzwisisa kuti nei kuchida kutariswa kwakajeka kuti mapasskeys chii chaizvo, chii chinodiwa encryption, uye apo maviri anosiyana munzira dzinonyanya kukosha kune chero puratifomu inobata data rebhizinesi rakavanzika.

Kutendesa uye Kuvharidzira Mabasa Akasiyana Akasiyana

Kutendeseka kunopindura mubvunzo mumwe chete: "Ndiwe waunoti ndiwe?" Encryption inopindura yakasiyana zvachose: "Iyi data inogona kuramba isingaverengeki kune wese munhu kunze kwemapato ane mvumo?" Aya matambudziko maviri anogovana cryptographic primitives, asi zvinodiwa zveinjiniya zvinosiyana zvakanyanya. Huchokwadi hunofanirwa kuitika kamwe chete pachikamu, hunogona kushivirira kutadza apo neapo nekudonha kwakanaka, uye hakudi kuburitsa zvakafanana nguva dzese. Encryption inoda deterministic, reproducible kiyi yekuwana mukati mehupenyu hwese hwe data - angave makore kana makumi emakore.

Kana waita chokwadi nekiyi yekupfuura, mudziyo wako unogadzira siginecha yecryptographic inoratidza kuti une kiyi yakavanzika ine chekuita neakaundi yako. Sevha inosimbisa siginicha iyi uye inopa mukana. Hapana nguva iyo sevha - kana kunyange application yako - inowana mukana kune yakavanzika kiyi zvinhu pachayo. Ichi chimiro, kwete chekugumira. Iyo yese yekuchengetedza modhi yemapasskeys inoenderana nekiyi yakavanzika isingasiye yakachengeteka enclave yechishandiso chako. Asi encryption inoda kuti iwe ushandise kiyi yekushandura data, uye gare gare shandisa iyo imwechete kiyi (kana mubatanidzwa wayo) kudzosera shanduko. Kana usingakwanise kuwana kiyi nenzira yakavimbika, haugone kudzikisira.

Mapuratifomu akaita seMewayz anogadzirisa ruzivo rwebhizinesi rinozivikanwa - ma invoice, marekodhi ekubhadhara, CRM contacts, magwaro eHR mumamodule mazana maviri nenomwe - anoda nzira dzekuvhara dzakavakwa pamakiyi akasimba, anodzoreka, uye anowanikwa nguva dzose. Kuvaka izvozvo panheyo yakagadzirirwa kudzivirira kupinda kwakakosha iko kupokana kwekuvaka.

Sei MaPasskeys Anoramba Kushandiswa SeMakiyi Ekunyorera

The WebAuthn specification, inosimbisa mapasskeys, yakagadzirwa nemaune ine zvipingaidzo zvinoita kuti encryption isashande. Kunzwisisa zvimhingamipinyi izvi kunoburitsa kuti sei iri risiri gwanza rinogona kuvharika nenyanzvi dzeinjiniya — ndiwo muganho wekugadzira wakakosha.

  • Hapana makiyi ekutumira kunze: Makiyi epachivande anogadzirwa panguva yekunyoresa passkey anochengetwa muhardware-backed akachengeteka enclaves (TPM, Secure Enclave, kana yakaenzana). Iyo inoshanda sisitimu uye browser APIs inopa hapana nzira yekubvisa mbishi kiyi zvinhu. Unogona kukumbira kiyi kusaina chimwe chinhu, asi haugone kuverenga kiyi yacho pachayo.
  • Non-deterministic key generation: Kugadzira passkey yemushandisi mumwechete pane imwe mudziyo kunoburitsa makiyi maviri akasiyana zvachose. Iko hakuna mutsara wembeu, hapana nzira yekubva, hapana nzira yekuvakazve kiyi imwechete pane imwe mudziyo. Kunyoreswa kwega kwega kwakazvimiririra kwe cryptographically.
  • Kuwanikwa-inosungwa nemudziyo: Kunyangwe paine kiyi yekupfuura (iCloud Keychain, Google Password Manager), kuwanikwa kunoenderana nekutora chikamu kwe ecosystem. Mushandisi anonyoresa pa iPhone uye gare gare achichinjira kuAndroid anogona kurasikirwa nekuwana. Mushandisi ane mudziyo wakarasika, wakabiwa, kana kusetwa patsva mufekitari anotarisana nedambudziko rimwe chetero.
  • Challenge-response chete: The WebAuthn API inofumura navigator.credentials.get() iyo inodzosa chirevo chakasainwa, kwete chinhu chakakosha. Unogashira siginicha pamusoro pedambudziko rakapihwa neseva - rinobatsira pakuratidza kuzivikanwa, hazvibatsiri pakutora kiyi yekuvharidzira.
  • Hapana algorithm yekuchinjika: Mapassword anowanzo shandisa ECDSA ine P-256 curve. Kunyangwe iwe uchikwanisa kuwana kiyi, ECDSA isaina algorithm, kwete encryption algorithm. Unoda dzimwe shanduko (ECDH key agreement, KDF derivation) iyo API isingatsigire mumamiriro ezvinhu aya.

Vamwe vagadziri vakurudzira maworkaround - vachishandisa iyo PRF (Pseudo-Random Basa) yekuwedzera kuWebAuthn, semuenzaniso, kutora makiyi esymmetric panguva yechokwadi. Kunyange iyi yekuwedzera iripo mune iyo spec, bhurawuza rutsigiro inoramba isingaenderane, haiwanikwe pamapuratifomu mazhinji enhare, uye ichiri kugara nhaka dambudziko rekusunga-mudziyo. Kiyi inotorwa kuburikidza nePRF pane imwe mudziyo haigone kudhindwa pane imwe mudziyo ine kiyi yekupfuura yakasiyana, kunyangwe yeakaundi yemushandisi imwechete.

Iyo Data Kurasa Mamiriro Hapana Anoda Kutumira

Funga zvinoitika kana ukavharidzira data remushandisi nekiyi inotorwa pakiyi yavo yekupasa. Zvese zvinoshanda zvakanaka pazuva rekutanga. Mushandisi anopinda mukati, kiyi inotorwa, data rakavharidzirwa uye rakadhindwa zvisina musono. Zvino pashure pemwedzi mitatu, foni yavo inowira mudhamu.

Nechokwadi chechinyakare, kurasikirwa nemudziyo kunonetsa. Mushandisi anotora account yake kuburikidza neemail, anoseta humbowo hutsva, uye anoenderera mberi achishanda. Asi kana data ravo raive rakavharidzirwa nekiyi yakasungirirwa kune yakachengeteka-yakadzika mudziyo yakachengeteka enclave, iyo data yaenda. Kwete "zvakaoma kupora" zvaenda - cryptographically irreversible yaenda. Hapana tikiti rekutsigira mutengi, hapana kudzoreredza account, hapana kukwira kwepamusoro kunogona kudzosera math. Iyo data inogona kunge yakadzimwa.

The Cardinal rule of encryption system design: kana key management strategy yako ikaita chero ipi zvayo poindi yekutadza iyo inoparadza zvachose kuwana kune data yemushandisi, hauna kugadzira chekuchengetedza - wagadzira nzira yekurasa data ine mamwe matanho.

Kune bhizinesi rinoshanda kuburikidza nepuratifomu - kutonga hukama hwevatengi makumi mashanu muCRM, kugadzirisa mubhadharo wepamwedzi wevashandi makumi matatu, kutevera boka remotokari - kurasikirwa zvachose kubva parunhare rwakadonha haisi nyaya diki yeUX. Idambudziko rekuenderera mberi kwebhizinesi. Izvi ndizvo chaizvo chikonzero nei Mewayz's architecture inoparadzanisa nzira dzechokwadi kubva kune data data layers, kuve nechokwadi chekuti hapana kutadza kana mudziyo mumwe chete unogona kukanganisa kuwana ruzivo rwakakosha rwebhizinesi pane chero akabatanidzwa mamodules.

Zvaunofanirwa Kushandisa Panzvimbo

Nhau dzakanaka ndedzekuti mapatani akanyatsosimbiswa aripo ekuteterera data remushandisi pasina kuwira musungo rekupfuura. Aya maitiro akaedzwa-kurwa, anotsigirwa zvakanyanya, uye akagadzirirwa zvakanangana neiyo encryption use kesi.

Server-side encryption ine makiyi anodzorwa inoramba iriyo sarudzo inoshanda kune ruzhinji rwemaapplication. Chikuva chako chinovharidzira data pakuzorora uchishandisa makiyi anogadziriswa kuburikidza neakakodzera Key Management Service (KMS) - AWS KMS, Google Cloud KMS, HashiCorp Vault, kana zvakafanana. Mushandisi anotendesa (nemapasskey, kana uchida!) uye sevha inobata encryption uye decryption pachena. Aya ndiwo machengetero anoita mapuratifomu eSaaS akawanda, uye anoshanda nekuti makiyi akasimba, anotsigirwa, anotenderedzwa, uye akazvimirira pane chero mudziyo wemushandisi.

Password-derived encryption keys (uchishandisa Argon2id kana scrypt for key derivation) zvakakodzera kana uchida yechokwadi zero-knowledge encryption apo kunyange server isingagoni kuverenga data yevashandisi. Iko kutengeserana ndeyekuti kurasikirwa nepassword kunoreva kurasikirwa nedata, asi mapassword anogona kurangarirwa, kunyorwa pasi, uye kuchengetwa mumaneja epassword - haana kuvharwa mukati me Hardware enclave. Masevhisi akaita se1Password uye Standard Notes anoshandisa nzira iyi nemazvo.

💡 DID YOU KNOW?

Mewayz replaces 8+ business tools in one platform

CRM · Invoicing · HR · Projects · Booking · eCommerce · POS · Analytics. Free forever plan available.

Start Free →
  1. Shandisa makiyi ekupfuura (kana chero nzira yakasimba) yeuthentication — kuratidza kuti mushandisi ndiani.
  2. Mushure mekuona, tora kana kudzoreredza makiyi ekunyorera kuburikidza neyakaparadzana, ine chinangwa-yakavakwa makiyi system.
  3. Gadzirisa makiyi escrow kana ekudzoreredza makiyi — makiyi ekudzoreredza, kubatanidza makiyi emidziyo yakawanda, kana kuchengetedza kiyi dzesangano kumaakaundi ebhizinesi.
  4. Nyora data paunenge wazorora uye uri munzira uchishandisa AES-256-GCM kana XChaCha20-Poly1305 nemakiyi eKMS yako.
  5. Tenderedza makiyi nguva nenguva uye chengetedza mabhaudhi ekiyi akavharidzirwa anopona chero ipi zvayo yakundikana.

Uku kupatsanurwa kwezvinonetsa haingori tsika yakanaka - ndiyo yega dhizaini inoita kuti uvandudze nzira dzechokwadi wakazvimiririra pane yako encryption zano. Kana makiyi ekupasa anozoshanduka kana kutsiviwa nechimwe chinhu chiri nani, data rako rakavharidzirwa rinoramba richiwanikwa.

The PRF Extension: Vimbiso uye Pitfalls  Kuwedzerwa uku kunobvumira bato rinovimba kuti rikumbire kukosha kwepseudo-random kubva pane zvakavanzika zvepasskey panguva yemhemberero yekusimbisa. Mupfungwa, kukosha uku kunogona kushanda sekiyi yekuvharidzira kana mbeu.

Mukuita, kuwedzera kwePRF kunotarisana nezvipingamupinyi zvakakosha zvekugamuchira vana. Kubva kutanga kwa2026, rutsigiro rwunosiyana zvakanyanya mumabhurawuza nemapuratifomu. Kuitwa kweSafari kunosiyana neChrome. Mazhinji madivaysi eAroid haazvitsigire zvachose. Hardware kuchengetedza makiyi ane tsigiro isingaenderane. Kune chero chikuva chinopa vashandisi vakasiyana-siyana - uye Mewayz inosevenza 138,000+ vashandisi pane ese makuru masisitimu anoshanda nemhando yemudziyo - encryption yechivako pane chimwe chinhu chine zvigamba chiripo hachishande.

Kunyanya kukosha, PRF haigadzirise dambudziko remidziyo yakawanda. Iyo pseudo-random inobuda inotorwa kubva kune chaiyo passkey pane chaiyo mudziyo. Mushandisi anonyoresa makiyi palaptop nenharembozha yake anowana zviviri zvakasiyana PRF zvabuda zveakaundi imwe chete. Iwe unozofanirwa encrypt data nekiyi yakatorwa yechishandiso uye neimwe nzira-encrypt kana kugovera kiyi iyoyo nemumwe mudziyo - izvo zvinokuunza iwe kudzoka pakuvaka yakakodzera kiyi manejimendi system zvakadaro. Panguva iyoyo, kiyi inotorwa nekiyi yekupfuura inowedzera kuomarara pasina kuwedzera chengetedzo.

Zvidzidzo zveVavaki: Shandisa Chishandiso Chakakodzera cheKurudyi Layer

Muyedzo wekushandisa mapasskey ekuteterera unobva kuhunhu hwakanaka - vagadziri vanoda kukwidziridza cryptography yakasimba uye kuderedza huwandu hwezvakavanzika zvinofanirwa kutariswa nevashandisi. Asi kuchengetedzwa kweinjiniya ndeye kushandisa iyo chaiyo yekutanga padanho rekurudyi. Kiyi nesefa zvese zvinodzivirira zvinhu zvakakosha, asi haungaisi bhobhoti mukati mevhairi kana kuedza kutakura sefa muhomwe yako.

Makiyi ePasskey anokunda pachinangwa chaakagadzira. Vakadzikisa kutorwa kweakaundi ane chekuita ne phishing kusvika pa99.9% mukushandiswa kwemukati kweGoogle. Vanobvisa credential stuffing kurwisa zvachose. Ivo vanopa ruzivo rwekupinda iyo panguva imwe chete yakachengeteka zvakanyanya uye zviri nyore kupfuura mapassword. Ndiko kubudirira kunoshamisa, uye zvakakwana. Kukumbira mapassword kuti ugadzirisewo encryption kwakafanana nekukumbira firewall yako kuti ishande se backup system yako - hazvinzwisise mavakirwo.

Kana uchivaka mapuratifomu anobata mashandiro ebhizinesi ane hunyoro, dhizaini inofanirwa kuratidza miganhu yakajeka. Huchokwadi hunoratidza kuti ndiani. Mvumo inosarudza kuwana. Encryption inodzivirira data pakuzorora uye pakufamba. Kiyi manejimendi inovimbisa encryption makiyi anopona kurasikirwa kwechishandiso, kuchinja kwevashandi, uye shanduko yezvivakwa. Chikamu chega chega chine maturusi akavakirwa chinangwa, uye kuasanganisa kunoita kuti asasimba panguva dzakaipisisa - apo mushandisi anoda zvakanyanya kuwana data rake uye haakwanise.

Kuwana Chengetedzo Zvakanaka Pasina Kukuomesera

Kune akawanda maSaaS maapplication uye mapuratifomu ebhizinesi, kurudziro inoshanda yakatwasuka: tora mapasskey nechido chekusimbisa, uye bata encryption zvachose server-parutivi neKMS inotungamirwa. Izvi zvinopa vashandisi vako ruzivo rwakanyanya rwekupinda rwuripo nhasi uku vachichengetedza data ravo nezvivakwa zvakagadzirirwa kusimba uye kupora.

Kana yako yemhando yekutyisidzira ichida zvechokwadi encryption yekugumisa-kusvika-kumagumo uko sevha isingakwanise kuwana data rakajeka, isa mari mune yakakodzera mutengi-padivi encryption architecture ine makiyi anotorwa nepassword, macode ekudzoreredza, uye makiyi esangano escrow - kwete mapfupi anotorwa nekiyi. Mari yeinjiniya yakakura, asi imwe nzira ndeyekutumira sisitimu inozopedzisira yaparadza data remumwe munhu zvisingaite.

Sarudzo dzekuchengetedza dzakasanganiswa nekufamba kwenguva. Nzira yekudimbudzira yakatorwa nhasi inova dambudziko rekutama mumakore matatu apo shanduko dzechinyakare, mudziyo we ecosystem unochinja mutemo wayo wekuwiriranisa, kana bhurawuza inodzikisira kuwedzera. Kuvaka pamusoro pezvisungo kubva pakutanga - kusimbiswa sehuchokwadi, encryption sekuvharirwa, imwe neimwe iine kiyi yayo yehupenyu - ndiyo nheyo inoita kuti mapuratifomu asvike kumazana ezviuru zvevashandisi pasina bhomba renguva yekumaka rakavigwa mu cryptographic pombi dzemvura.

Mibvunzo Inowanzo bvunzwa

Sei mapassword asingashandiswe kunyora data yemushandisi?

Makiyi ePasskey akagadzirwa kuti aonekwe chete, kwete encryption. Ivo vanovimba neruzhinji-kiyi cryptography kuratidza chitupa chako panguva yekupinda, asi kiyi yakavanzika haimbosiya mudziyo wako uye haiwanikwe kune maapplication. Encryption inoda yakagadzikana, inodhinda makiyi anogona kugara achibvisa data nekufamba kwenguva. Mapassword anoshaya kugona uku nedhizaini, zvichiita kuti ive isina kukodzera kuchengetedza ruzivo rwemushandisi rwakachengetwa.

Chii chinoitika kana ukaedza encrypt data nemapasskeys zvakadaro?

Unoisa panjodzi yekuvaka brittle system umo vashandisi vanovharirwa zvachose kunze kwedata ravo. Mapassword anogona kukanzurwa, kutenderedzwa, kana kutsiviwa pamidziyo yese pasina yambiro. Kana data yakavharidzirwa yakasungirirwa kune chaiyo passkey inodzimwa kana kuvandudzwa, hapana nzira yekudzoreredza. Izvi zvinogadzira njodzi yekurasikirwa nedata zvekuti hapana huwandu hweinjiniya workaround inogona kudzivirira nekuvimbika.

Chii chinofanira kushandiswa nevagadziri panzvimbo pemakiyi ekuvharisa data encryption?

Vagadziri vanofanira kushandisa zvigadziriso zvakavakwa nechinangwa seAES-256 ine kiyi chaiyo manejimendi, envelope encryption, kana maraibhurari akasimbiswa se libsodium. Chengetedza huchokwadi uye encryption sezvinetso zvakasiyana. Shandisa makiyi ekupasa pane zvavanogona pa - password isina password - uye yakatsaurirwa encryption makiyi anochengetedzwa kuburikidza neakachengeteka makiyi ekutorwa uye ekuchengetedza masisitimu ekuchengetedza anonzwisa tsitsi data remushandisi.

Mewayz inobata sei chokwadi uye kuchengetedza data kumabhizinesi?

Mewayz inopa 207-module bhizinesi OS inotangira pamadhora gumi nepfumbamwe/mo inopatsanura chokwadi kubva pakuchengetedzwa kwedata uchishandisa maindasitiri akanakisa maitiro. Pane kushandisa zvisizvo makiyi ekupasa, puratifomu iri paapp.mewayz.com inoshandisa magwaro akakodzera ekuvharidzira pamwe chete nemafambisirwo akachengeteka ekupinda, kuona kuti mabhizinesi anogona kuchengetedza data revatengi zvakavimbika pasina kuisa njodzi yekuvhara kunobva mukukanganisa chokwadi ne encryption.

Try Mewayz Free

All-in-one platform for CRM, invoicing, projects, HR & more. No credit card required.

Start Free Try Demo

Start managing your business smarter today

Join 30,000+ businesses. Free forever plan · No credit card required.

Start Free → Watch Demo
Found this useful? Share it.
X / Twitter LinkedIn Facebook WhatsApp

Ready to put this into practice?

Join 30,000+ businesses using Mewayz. Free forever plan — no credit card required.

Start Free Trial →

Related articles

U.S. to Create High-Tech Manufacturing Zone in Philippines

Hacker News

U.S. to Create High-Tech Manufacturing Zone in Philippines

Apr 16, 2026

Hacker News

New unsealed records reveal Amazon's price-fixing tactics, California AG claims

Apr 16, 2026

 Guy builds AI driven hardware hacker arm from duct tape, old cam and CNC machine

Hacker News

Guy builds AI driven hardware hacker arm from duct tape, old cam and CNC machine

Apr 16, 2026

Hacker News

A Better R Programming Experience Thanks to Tree-sitter

Apr 16, 2026

Hacker News

Join Akkari's Founding Team (YC P26) as an Engineer

Apr 16, 2026

Hacker News

The Beginning of Scarcity in AI

Apr 16, 2026

Ready to take action?

Start your free Mewayz trial today

All-in-one business platform. No credit card required.

Start Free →

14-day free trial · No credit card · Cancel anytime