Ensuring proper encryption

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
buckyhouse
Forum Newbie
Posts: 1
Joined: Fri Apr 18, 2014 8:44 am

Ensuring proper encryption

Post by buckyhouse »

I've been looking for measures to take for proper encryption. I've had my website attacked once before and was not prepared. Took me almost 48 hours to get back up and running. It's a small team that I work with so I want to make sure I never have to work out those kinks again. Since a lot of experts have been lately pushing security and encryption, it seems that "over-preparing" for a data breach is better than standing pat (some might call is "over-reacting" but I'd rather be safe than sorry).

I've had recommendations for using MyCrypt PHP Library with Cipher Block Chaining (CBC) mode, and it seems smoother than the Electronic Codebook (ECB) mode that I was using.

I've found helpful scripts online, but some can be a bit taxing when I need to decrypt around 30 data-strings in a single page. It takes about 10 secs to decrypt one at my current rate.

Suggestions?
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Ensuring proper encryption

Post by Christopher »

It is not clear what you are encrypting or how your site was attacked/vulnerable before. Why do you need to "around 30 data-strings in a single page"?
(#10850)
Post Reply