News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Timoh's Pages:
Cryptography in web applications a false sense of security?
August 22, 2012 @ 12:11:11

Timo has a new post looking at cryptography in PHP and some of the common misconceptions and how that functionality that your framework provides might not be good enough.

Does your framework of choice offer an easy way to perform data encryption? Maybe you have even utilized data encryption in some format. [...] It could not be much easier than that. It is hard to argue. But things won't stay as simple as this if you look at the meaning of "secure data encryption" a little bit closer. Usually people encrypt their data to make sure the data will stay safe. What does this actually mean? Simply put, it means your data stays secret as long as the secret key stays secret. No matter if an active attack is going on and the adversary can read your encrypted data.

He looks at why, by itself, encryption isn't that useful - it's only when its applied. He also covers some of the basic questions to ask when working with things like HMAC hashing and ciphertext malleability. He talks about random number/string generation for IVs, encryption keys and what you can do to help make your encryption more secure in its implementation.

0 comments voice your opinion now!
cryptography security encryption application


blog comments powered by Disqus

Similar Posts

DevShed: Securing Your Web Application Against Attacks

Mihai Corlan's Blog: Flex/AIR and PHP apps

IBM developerWorks: Building the DB2 Health Monitor Sample Application for PHP (Part 2)

Metapundit.net: Partial function application in PHP

Simas Toleikis's Blog: Idea for a PHP Validator


Community Events











Don't see your event here?
Let us know!


install opinion code component hack series composer unittest facebook language introduction package hhvm application symfony2 release framework example podcast security

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework