Choose the right password vault for your PHP program

Cryptography is not magic. Encrypting an application does not guarantee its security under attack (especially if you do not have the authentication cipher set). But if you want to ensure the security of your program for business reasons, the traditional approach suggests you should not try to design your own password. You should use the existing password vault.

Well, I know all the above. So which PHP password library should I use?

It depends on your actual needs. Let's take a look at some good choices. (We will not mention any bad password vault.) ）

Secure PHP Password Library recommendations

The following is a list of PHP cipher libraries that can be deployed in a production environment with a high level of security trust. This checklist is prioritized based on the following three criteria.

1. How secure is this password vault, if used correctly?
2. What is the degree of difficulty in risky behavior?
3. How easy is it for a non-cipher cracker to maximize its use?

halite– from Paragon Initiative Enterprises

We recommend this password vault not only because it is self-written, but because you can get all the security of using libsodium through a simple and intuitive interface. This is a free software, and the source code can be directly obtained.

Benefits of using Halite

• Main Line

• Symmetric key authentication Encryption
• Symmetric key authentication (ex: API message)
• Asymmetric key authentication Encryption
• Asymmetric Key Anonymous encryption
• Asymmetric Key Digital Signature

• Full file encryption (see: All mainline Features)

• Encrypt cookies

• Password storage

• You do not need to know what the current value is and you do not need to pay special attention to authentication encryption. Halite will help you do everything well.

We created Halite for PHP developers to get all the security benefits of Libsodium expansion through a simpler interface. Check out the relevant Halite file to see how easy it is to use. (Although the API is fixed, the Halite help file is still imperfect.) However, it is enough to cover entry-level content. ）

The only drawback is that you must install PHP's Libsodium expansion pack to use Halite. So for many projects, the halite approach is not feasible.

Installation Guide:

1. Installing PHP's Libsodium expansion pack
2. Need Paragoniehalite '

Obviously, if you don't like the decisions we make for halite, we can consider using libsodium directly.

Advantages of using Libsodium

• Symmetric key encryption Authentication (same as: Aead)

• Symmetric key authentication

• Asymmetric key authentication encryption

• Asymmetric key anonymous encryption

• Asymmetric key digital signature

• Cryptographic hash functions

• Password storage

• Swiss Saber-type cryptography primitives (e.g., elliptic curves of the Curve25519-based Diffe-hellman key exchange protocol)

• Memory removal (0) capability in PHP

• A lot more

Pay tribute to Frank Denis and the group that created NaCl (Libsodium) because Libsodium has always been the most reliable, cross-platform cryptographic library in the world.

Installation Guide

See related files.

PHP encryption– from Defuse Security

If you cannot install the PHP extension package from pecl (that is, you will never be able to install libsodium), this password vault should be your alternate choice. In general, regardless of the scenario your framework provides, you should prioritize it because our security team often discovers flaws in the symmetric key encryption functionality provided by the PHP framework.

Advantages of using defuse Security's PHP password library:

Symmetric-key Authenticated encryption

• Symmetric key authentication encryption

It solves a problem that most people will encounter (and it's great to solve). The second edition of the Vault (coming soon!) ) will also cover full file encryption, but since it has not yet been published, we are not yet able to add a sub-item.

Phpseclib-jim Wigginton, et al. (For RSA only)

If you must install symmetric key encryption, please use the defuse password vault above. Defuse Security's password vault provides you with authentication encryption, while the AES implementation of Phpseclib does not validate ciphertext. So if you use it, your resistance to the selection of ciphertext attacks will be very fragile. (Their interactive files are also badly faulted in ECB mode, the worst block cipher we've ever mentioned.) ）

Although the API level provided by Phpseclib for universal symmetric key encryption is too low for us to recommend it in this way for PHP developers without a cryptographic background, it provides a better way to encrypt asymmetric keys than EXTOPENSSL.

If you insist that you must use asymmetric key encryption (public key encryption, electronic signatures) and cannot use Libsodium for a variety of reasons, you should consider installing Phpseclib and strictly follow the correct answer to the cryptographic algorithm presented by Colin Percival.

Special attention

• RSA encryption algorithm: RSA-OAEP (Optimal Asymmetric Encryption padding), first consider $rsa-setmgfhash (' sha256 ')
• RSA Signature Encryption: RSA-PSS (probabilistic signature scheme), again explicitly specified using mgf1+sha256

If you happen to be a cryptographic expert, you can ignore our warning message and use the symmetric key encryption provided by Phpseclib. But for most programmers of non-cryptographic experts, it's best not to ignore our hints.

Advantages of using Phpseclib:

• Symmetric key authentication (via HMAC key, PHP also provided)
• Asymmetric secret key anonymous encryption (RSA)
• Asymmetric secret key Electronic signature method (RSA)

What's new (2015-11-19) Easy RSA

After this blog post, we also developed a plug-in installation package for the proposal, Easyrsa. Easyrsa is a phpseclib use of a direction-determined and default security setting.

EASYRSA Encryption Process

Issue: Encrypting a large string with RSA, even if RSA itself does not support encrypting large string data.

The original solution is to split the string you entered into chunks and separately encrypt them separately. However, this is very similar to the dreaded Code-based (ECB) model. The same: The process of its processing is also very slow. This is a very bad solution.

Our Solutions

• Generate a temporary secret key

• Encrypt your message using PHP symmetric key encryption defuse Security's password vault

• Using an existing RSA public key to encrypt the temporary key (a way to resist padding oracles attack)

• Based on 64-bit encoding and using the version tag prefix to connect the ciphertext
• Additional checksum in step fourth (truncated hash SHA256 encryption algorithm) to enhance the transmission storage error detection capability.

To decrypt a message

1. Verifying the inspection and and version markings
2. To decrypt the temporary secret key using the correct RSA private key
3. Use the decryption key obtained in the previous step to obtain clear text

Easyrsa uses only RSAES-OAEP + mgf1-sha256 with e = 65537来 for public key cryptography, known to be well-resistant to any padding Oracle attack.

Easyrsa Signature Method

The RSA signature method is relatively straightforward: use RSASS-PSS + mgf1-sha256 with e = 65537来 to compute the RSA signature, and then verify that it is set to accept only this type of signature.

But seriously, if you really want to find a way to secure encryption for your PHP program, try looking for ways to use Libsodium. We are pushing to make libsodium the core expansion pack in PHP7.1, so hopefully it will be as easy to use in the future as "Update new PHP".

About the PHP Crypto library recommendations we provide

What about the other cipher libraries?

Any unsuccessful reasons for the failure of the password vault mentioned above can be explained by the following three possible reasons:

1. We reviewed the password vault, but it's not enough to make recommendations. (It is possible that we have informed creators of their password inventory in a defect so that they can be improved.) ）
2. The password vault is too narrow to use (such as crypt GPG), or, despite security, it is not relevant to the widespread use of encryption.
3. We are too busy to review the password vault. (We may not yet be aware of the existence of this password vault.) ）

If you are interested in a password library that we have identified as defective, please review the security Recommendations page for more information.

In PHP, how should we encrypt the password?

You do not need to encrypt the password, you only need to use the appropriate password hashing algorithm (hash cipher algorithm) to clutter the password. One of the current best cipher libraries is built in PHP: Password hash () andpasswordverify (). This hashing algorithm is stable and effective for 99% of programmers or enterprises. This algorithm is so great.

However, if you store the passwords in your database on different servers in your Web application, you can mitigate the risk of password intrusion by encrypting the hash instead of encrypting the password itself. To use this method, please check out the halite password course.

Important Security Advice Disclaimer

While we employ some of the top industry experts in PHP development security (and we specialize in cryptography), without understanding your specific project requirements and risk models, they are not able to guide you in choosing the solution that best meets your needs when writing this wizard.

So if, for example, you need to use an asymmetric encryption algorithm and choose to use defuse Security's symmetric cryptographic cipher, do not say "Yes Paragon Initiative Enterprises let me do it!" ”

If you want to get our safety advice based on your specific project, consider hiring us for a security Advisory service.

Or in legal terms: this information does not provide any warranty, use at your own risk.

Original address: Choosing the right Cryptography Library for your PHP project:a guide

This article is compiled and collated by ONEAPM engineers. OneAPM is an emerging leader in application performance management, enabling enterprise users and developers to easily implement slow program code and real-time crawling of SQL statements. To read more technical articles, please visit the ONEAPM official blog.

