Alex Nikitin wrote:
> It's never a good idea to store all your keys in code,
True, but in the system I was referring to, only the closed source
app knows how to "see" the key in the encrypted templates and there is
no way for another to know how to decrypt the encrypted templates to see
any of the other keys in the code... It's a unique solution for this
type of topic. I don't want to go into too many details because it's not
about PHP and my intention with bringing it up was to see if others knew
of a similar solution within PHP.. which I'm thinking there is not.
> that is why we have
> an iv, and a salt that you can use... neither is program encryption, since I
> can dump it in its executing form out of memory fairly easily;
Well, not with the situation/app I was talking about..
> this is why
> hard drive encryption without a controller that does crypto off the main
> system is fairly pointless...
I'm not exactly sure what you are saying here.. but there are good
reasons to have built the system that I was referring to... safe
retrieval of secured data being the main idea.
Look, I agree that in a typical online passphrase type of setup,
creating a hash to be matched for access is a great solution under
sensitive situations. You don't need to retrieve the pass as the owner
can change it if they forget... however, encryption is absolutely not
worth nothing and the O.P. stated he was trying to learn about PHP's
Much of the time, a spec requires the access retrieval of secured data
and a developer will have no choice anyway ;-). Not all sensitive data
is at the same sensitivity level either... so mcrypt has its place.
PHP General Mailing List (http://www.php.net/)