> In CakePHP I noticed the cipher() function as part of the Security > class. At first glance however, I wasn't able to discern what type of > encryption scheme is being used.
It's a simple symmetric key bitmask cipher. > My question is this: How does CakePHP's cipher() function stack up > against something like mcrypt()? Is it of a similar level of security? > Can I sleep safely at night knowing that cipher() is going to be as > strong as, say, MCRYPT_BLOWFISH? >From cold hard facts, no. However, as with any symmetric key algorithm (Blowfish is also a SKA), you're going to have to store the key somewhere (PHP file, Apache config, DB, etc.). If I was going to attempt to steal your encrypted information, my first act would be to take the path of least resistance and obtain your key string, because a full-blown cryptanalysis takes time and effort, and is an extremely difficult undertaking in general. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
