News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Timoh's Pages:
Cryptography in web applications a false sense of security?
August 22, 2012 @ 12:11:11

Timo has a new post looking at cryptography in PHP and some of the common misconceptions and how that functionality that your framework provides might not be good enough.

Does your framework of choice offer an easy way to perform data encryption? Maybe you have even utilized data encryption in some format. [...] It could not be much easier than that. It is hard to argue. But things won't stay as simple as this if you look at the meaning of "secure data encryption" a little bit closer. Usually people encrypt their data to make sure the data will stay safe. What does this actually mean? Simply put, it means your data stays secret as long as the secret key stays secret. No matter if an active attack is going on and the adversary can read your encrypted data.

He looks at why, by itself, encryption isn't that useful - it's only when its applied. He also covers some of the basic questions to ask when working with things like HMAC hashing and ciphertext malleability. He talks about random number/string generation for IVs, encryption keys and what you can do to help make your encryption more secure in its implementation.

0 comments voice your opinion now!
cryptography security encryption application


blog comments powered by Disqus

Similar Posts

Secunia.com: PHP Integer Overflow Vulnerability and Security Bypass

Community News: Zephyr Framework - Ajax/PHP5

Anthony Ferrara's Blog: Security Review: Creating a Secure PHP Login Script

IBM developerWorks: Get started with Project Zero and PHP

SitePoint Web Tech Blog: OSCON 2006: Gettting Rich with PHP5


Community Events





Don't see your event here?
Let us know!


introduction library community opinion podcast series deployment zendserver package framework list laravel tips symfony api interview install language update release

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework