Raysync Security Design: Account&Password Protection
Raysync is designed with multiple security protection based on the account number and password of the user. Specific security design is as follows:
Account protection security design
Login authentication has a built-in anti-violence cracking mechanism, if the user enters the wrong password five times within 3 minutes, the account will be automatically locked.
Session identification in login is generated by using the interface of OpenSSL high-strength random function RAND_bytes () to prevent random information from being hit by the simulator.
Password protection security design
In the transmission process, the user password is encrypted by the asymmetric high-strength encryption algorithm, and even if the transmission message is intercepted, the attacker can not recover the plaintext through ciphertext.
The information stored in the database of the user password is irreversibly encrypted 10,000 times in one direction by using the PBKDF2 algorithm and the user's individual random salt. Even if the database information is leaked, the user password cannot be reversed through ciphertext.
The password must be a combination of case, number and special symbols, and the length is greater than or equal to 8 characters.
The system provides a weak password dictionary. Users can customize weak passwords that meet the password strength but are easy to be cracked by social engineering. System users are prohibited from using such passwords, such as < company English name > @123.
As a file transmission acceleration software trusted by 2W+ enterprises, Raysync adopts the high-speed transmission protocol independently developed to build enterprise data transmission highway in the information age, and always puts enterprise data security at the top of its development.