我需要为我在 woothemes 上运行的网站获取 SSL 证书。
我正在使用 FirstData 作为我的支付网关
GoDaddy 提供 2 种加密类型:SHA-1 或 SHA-2。
哪一个应该适用于 peroxywhite.com?
此外,我们应该在 peroxywhite.com/cart 还是 peroxywhite.com 上安装 SSL?
最佳答案
据我所知
沙1 存在一些针对 Sha1 的碰撞攻击,但目前并不实用,因为每个哈希所需的 CPU 能力估计要花费近 300 万美元。
即使 Sha1 可以被认为适合大多数用途,但 Sha2 是一个全面的更好的选择:它同样快速、更安全,唯一的潜在缺点是存储哈希所需的空间更大。如果出于某种原因这是一个问题(我们谈论的是 32 个字节而不是 20 个字节)截断 Sha2 的输出仍然比使用 Sha1 更安全。
选择 Sha1 的唯一原因是出于互操作性原因。
沙2 Sha2 是 Sha1 的后继者,有 4 个不同的变体,每个都有不同的摘要大小(输出大小):
Sha-256 should be chosen in most cases where a high speed hash function is desired. It is considered secure with no known theoretical vulnerabilities and it has a reasonable digest size of 32 bytes. For things like hashing user password, though, a function designed to be slow is preferred: a great one is bcrypt.
Sha-224 uses the same algorithm as Sha-256 (except for the initial seed values) simply truncating its output. It was created because its digest size has the same length as two-key Triple DES keys which can be handy.
Sha-512 is different, using 64 bit numbers and having 80 rounds (versus 32 bit numbers and 64 rounds of Sha-256). Its digest size – 64 bytes – is very large and it is probably overkill for most uses.
Sha-384 is the same as Sha-512 (again, except for the initial seed values) but truncated to reduce its digest size.
如果您观察所有电子商务网站,它们只会在结帐页面中包含 ssl,而不是整个网站。但是一些银行网站会为整个网站维护 ssl。
由于 peroxywhite 是一个电子商务网站,我们只能在结帐页面中放置 ssl,即。只有在 http://www.peroxywhite.com/checkout/
关于woothemes电商网站SSL证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17795035/