Search the Community
Showing results for tags 'encryption'.
Found 3 results
I've been having trouble understanding what exactly the salt argument and its purpose are. Can someone explain it in context (give an example?)? I've also been having some trouble with step 4 in the example in the book. I'm using phpMyAdmin and when I type in the code, it says that 'nacl' is not identified. Is this normal? If so, is there a way I can get around it or do I have to use the shell? Thanks!
I'm rebuilding a registration system with the model from your book, but I keep coming across articles that say SHA1, SALT, and SHA256 are not very useful anymore. Therefore, I am thinking of using scrypt, or something like it, to handle encryption. Is this an overblown issue? If it is a valid concern, do you have any advice on how to implement it with the code from the book? I am using a hosted server, in case that is important for downloading etc.
I was wondering in what sense the information is secure when using these linear/symmetric encryption methods. Even if you hide the password or the salt, they are there somewhere, in the database or in the PHP code. Asymmetric encryption (with a public key) suffers from the same problem. As long as you have to encrypt and decrypt the information on the same site, it doesn't make any difference what method you are using, as long as the keys or passwords and/or salts must be present on the same machine. I am a little puzzled by this situation and I was wondering what a programmer is expected to do in order to safely encrypt the information. I guess it has something to do with the server settings. At the PHP level I am not sure, but will having the code with the key either obfuscated and encrypted by something like Zend or compiled with bcompiler be enough to store the key(s) on the same server? Does anybody know ways to bind the key to specific hardware, or other methods that may work? Or is this too much? I would really appreciate your input on this one. Thank you.