Cryptographically Secure PHP Development

0
44

Paragon Initiative Enterprises shared an interesting piece to Cryptographically Secure PHP Development. The article could be considered as additional resources to rules for programming cryptography code in C and point to some tips and techniques to :

– The Zeroth Rule of PHP Cryptography
– Easy Wins for PHP Cryptography Code
– PHP Cryptography: The Hard Parts

As conclusion, some cryptography best practices are simply not possible. To wit: PHP doesn’t allow you to perform direct memory management, so zeroing out memory buffers is not possible.

Furthermore, if a vulnerability is introduced somewhere else in the PHP interpreter (for example, via OpCache), there’s very little (if anything) you can do to mitigate it from a PHP script.

Read more at https://paragonie.com/blog/2017/02/cryptographically-secure-php-development

NO COMMENTS

Leave a Reply