Wake Up! Do You Know Encryption?

I’m surprised by how many developers aren’t familiar with encryption. Many say to me that encryption is md5 and sha1.

Applications often need one-way encryption and two-way encryption. There are also public/private key encryption schemes like pgp which are not as commonly used in web applications.

All developers should be familiar with using md5 and sha1 and with using mcrypt. Most importantly, always store passwords encrypted; one- or two-way encryption works.

When using encryption to keep data secure, there are many considerations.

One-Way Encryption Suggestions

  • Use a salt string to add more variety
  • Store the salt string in a safe place where web surfers can’t see it
  • Don’t send the salt string across the network (e.g. don’t store it in a database)

Two-Way Encryption Suggestions

  • Use a strong algorithm such as AES (not Triple DES or Blowfish)
  • Store the key in a safe place where web surfers can’t see it
  • Don’t send the key across the network (e.g. don’t store it in a database)
  • Don’t decrypt data then send it across the network (e.g. encrypt/decrypt in MySQL)
  • Keep it simple by storing the iv padder with the encrypted string and keeping the encrypted string in base 64
  • Pretend that the information you store is your own; would you be uncomfortable if a hacker saw it? Always encrypt information like social security numbers, credit card numbers and other account numbers. Consider encrypting personal data such as name, phone and address.
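As an added example (not code from this post), here is one way to follow the "store the iv with the encrypted string, in base 64" suggestion in Go, using AES-GCM, an authenticated AES mode, instead of the unauthenticated mcrypt modes; the key is assumed to be loaded from a safe place outside the database, as the post advises, and the 32-byte key and SSN-like plaintext used in testing are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"io"
)

// newGCM builds an AES-GCM cipher from a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under key, prepends the random 12-byte nonce (the
// "iv" in the post) to the ciphertext and returns the envelope as base64.
func Seal(key, plaintext []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	// gcm.Seal appends ciphertext+tag to nonce, so the nonce travels with the data.
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, plaintext, nil)), nil
}

// Open reverses Seal; it fails on bad base64, a wrong key or tampered data.
func Open(key []byte, encoded string) ([]byte, error) {
	envelope, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(envelope) < n+gcm.Overhead() { // too short to hold nonce + tag
		return nil, io.ErrUnexpectedEOF
	}
	return gcm.Open(nil, envelope[:n], envelope[n:], nil)
}
```

The base64 string returned by Seal is what goes into the text column; a modified ciphertext, a wrong key or a truncated envelope all come back from Open as an error rather than as garbage plaintext.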
