News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Timoh's Pages:
Cryptography in web applications a false sense of security?
August 22, 2012 @ 12:11:11

Timo has a new post looking at cryptography in PHP and some of the common misconceptions and how that functionality that your framework provides might not be good enough.

Does your framework of choice offer an easy way to perform data encryption? Maybe you have even utilized data encryption in some format. [...] It could not be much easier than that. It is hard to argue. But things won't stay as simple as this if you look at the meaning of "secure data encryption" a little bit closer. Usually people encrypt their data to make sure the data will stay safe. What does this actually mean? Simply put, it means your data stays secret as long as the secret key stays secret. No matter if an active attack is going on and the adversary can read your encrypted data.

He looks at why, by itself, encryption isn't that useful - it's only when its applied. He also covers some of the basic questions to ask when working with things like HMAC hashing and ciphertext malleability. He talks about random number/string generation for IVs, encryption keys and what you can do to help make your encryption more secure in its implementation.

0 comments voice your opinion now!
cryptography security encryption application


blog comments powered by Disqus

Similar Posts

Help Net Security: Remote Vulnerabilities Discovered in phpMyAdmin

Chris Shiflett's Blog: Character Encoding and XSS

PEAR Blog: Net_Traceroute and Net_Ping security advisory

Zend Developer Zone: PHP Security Tips #6 and #7

Christopher Kunz\'s Blog: How to increase PEAR security (and give admins a fuzzy feeling)


Community Events





Don't see your event here?
Let us know!


language package symfony laravel community release tips opinion deployment podcast series api framework zendserver list introduction update install library interview

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework