News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Timoh's Pages:
Cryptography in web applications a false sense of security?
August 22, 2012 @ 12:11:11

Timo has a new post looking at cryptography in PHP and some of the common misconceptions and how that functionality that your framework provides might not be good enough.

Does your framework of choice offer an easy way to perform data encryption? Maybe you have even utilized data encryption in some format. [...] It could not be much easier than that. It is hard to argue. But things won't stay as simple as this if you look at the meaning of "secure data encryption" a little bit closer. Usually people encrypt their data to make sure the data will stay safe. What does this actually mean? Simply put, it means your data stays secret as long as the secret key stays secret. No matter if an active attack is going on and the adversary can read your encrypted data.

He looks at why, by itself, encryption isn't that useful - it's only when its applied. He also covers some of the basic questions to ask when working with things like HMAC hashing and ciphertext malleability. He talks about random number/string generation for IVs, encryption keys and what you can do to help make your encryption more secure in its implementation.

0 comments voice your opinion now!
cryptography security encryption application


blog comments powered by Disqus

Similar Posts

SitePoint PHP Blog: The next hot PHP app you install might be IBM's

PHP.net: PHP 5.4.27 Released

Anson Cheung's Blog: Top 10 PHP Best Security Practices for Sys Admins

John Maver's Blog: How to create a Bebo application using PHP 5

PHPFreaks.com: Protecting php applications with PHPIDS


Community Events

Don't see your event here?
Let us know!


podcast opinion list framework library laravel api interview example security community language series extension introduction laravel5 php7 voicesoftheelephpant release version

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework