News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Timoh's Pages:
Cryptography in web applications a false sense of security?
August 22, 2012 @ 12:11:11

Timo has a new post looking at cryptography in PHP and some of the common misconceptions and how that functionality that your framework provides might not be good enough.

Does your framework of choice offer an easy way to perform data encryption? Maybe you have even utilized data encryption in some format. [...] It could not be much easier than that. It is hard to argue. But things won't stay as simple as this if you look at the meaning of "secure data encryption" a little bit closer. Usually people encrypt their data to make sure the data will stay safe. What does this actually mean? Simply put, it means your data stays secret as long as the secret key stays secret. No matter if an active attack is going on and the adversary can read your encrypted data.

He looks at why, by itself, encryption isn't that useful - it's only when its applied. He also covers some of the basic questions to ask when working with things like HMAC hashing and ciphertext malleability. He talks about random number/string generation for IVs, encryption keys and what you can do to help make your encryption more secure in its implementation.

0 comments voice your opinion now!
cryptography security encryption application


blog comments powered by Disqus

Similar Posts

Joshua Thijssen: Decoding TLS with PHP

DeveloperDrive.com: 5 PHP Security Measures

Northclick Blog: Tutorial for the easy use of gettext for internationalization of PHP Apps

Oracle Technology Network: How To Encrypt Data in Oracle Using PHP

Noupe.com: PHP Security: Fortifying Your Website - Power Tips, Tools & How to's


Community Events





Don't see your event here?
Let us know!


list library interview series symfony release api opinion tips install community framework zendserver introduction package update laravel podcast language deployment

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework