About encryption: PHP encryption best practices and php Best Practices

About encryption: PHP encryption best practices and php Best Practices

About encryption: Best practices for PHP encryption.

1. Purpose of Encryption

Encryption is different from passwords. encryption is an action or process. The purpose is to convert a piece of plaintext information (information that humans or machines can directly read) into a character that does not seem to have any meaning, information can be converted back to meaningful readable information only through pre-defined decryption rules. Encryption can prevent unauthorized information theft.

2. storage encryption and transmission Encryption

Encryption can be divided into storage encryption and transmission encryption based on different encryption objects. Storage encryption refers to the encryption of data stored on paper, disk, database, and other media, transmission encryption refers to the encryption of data over computer networks, telephones, telegrams, and other communication channels. No matter which type of encryption is described above, the information is encrypted in essence.

3. Encryption Algorithm

There are many types of encryption algorithms that have evolved in history. The simplest encryption algorithm I know is to use a dictionary or Bible to encrypt the text on pages and row and column numbers in a movie. During decryption, as long as the decrypted person holds the same dictionary and Bible and knows the correspondence between numbers and words, the decryption can be performed. This encryption method was once very effective because the dictionary used for encryption can be any book or even a newspaper.

3.1 symmetric encryption algorithm

According to modern encryption algorithms, the preceding encryption methods can be classified as symmetric encryption.

Symmetric encryption is the use of the same key for encryption and decryption, which is also one of the most significant shortcomings of this encryption algorithm. The dictionary and the Bible above can also be understood as a key. In modern encryption algorithms, DES, 3DES, and AES all belong to symmetric encryption algorithms.

Symmetric encryption has an obvious drawback, that is, the key. Especially during transmission encryption, the sender and receiver of the information must use the same key to encrypt and decrypt the information. How can the receiver securely obtain the key becomes the focus of such encryption, once the key is intercepted, the entire encrypted communication is transmitted in plaintext.

Therefore, symmetric encryption is more suitable for storage encryption. For example, some computer hard disks use the encryption chip on the motherboard to encrypt the entire hard disk, using the symmetric encryption algorithm.

3.2 asymmetric encryption algorithm

Due to the defects of symmetric encryption in the field of communication encryption, W. Diffie and M. Hellman proposed the concept of "asymmetric encryption" in 1976. The encryption algorithms include public keys and private keys. Public Keys are used to encrypt information, and private keys are used for decryption, the recipient of the information can generate a public key and private key in advance, and then send the public key to all information senders. The information sender uses the public key to encrypt the information and then sends the information to the receiver, the recipient can use the private key for decryption. The advantage of this algorithm is that the decryption of the private key does not need to be transmitted, reducing the possibility of private key leakage (which can only be reduced, unavoidable, and consideration should be given.

Common asymmetric encryption algorithms include RSA, EIGamal, backpack algorithm, Rebin (Special case of RSA), public key encryption algorithm and elliptic curve encryption algorithm in the difi-Herman Key Exchange Protocol. The most well-known is the RSA algorithm.

Comparison of 3.3

Symmetric encryption: because both encrypted and decrypted data must have the same key, communication between distribution and synchronization of the key is prone to leakage of the key, but symmetric encryption is much faster than asymmetric encryption, especially for the encryption of a large amount of data is more obvious.

Asymmetric encryption. One of its major drawbacks is its slowness, which is suitable for encrypting a small amount of data.

Therefore, in practice, the two are often used in combination. For example, after both parties establish A communication, A first generates A pair of public and private keys and sends the public key to B, B uses the public key to encrypt the "Key + Validity Period" of A symmetric encryption algorithm, and then sends it back to A. After A uses the private key for decryption, the key of A symmetric algorithm is synchronized conveniently, then, you can use this key to encrypt and decrypt the communication data within the specified validity period. The process is roughly as follows:

3.4 misunderstandings

Some may ask why I haven't heard of my common md5 and hash algorithms (sha1, sha256, sha512, and sha1024, md5 and hash algorithms cannot be regarded as encryption algorithms. They all belong to information summarization algorithms and can generate unique information summaries for different information. They are all irreversible algorithms, that is, the original information cannot be restored through the generated abstract information. In practical applications, these algorithms are often used to calculate the password entered by the user and compare the calculation results to verify that the password entered by the user is correct. Another application scenario is communication signature, which is used to verify whether information is lost or tampered with during communication.

4. PHP encryption Best Practices

Encryption is always inseparable from security, and every PHPer must integrate application security into the code as necessary. The following are some best practices and suggestions.

Do not use MD5 or sha1. basically, it is no longer difficult to crack.

Use password_hash to hash the password (the php version is later than or equal to 5.5, And the password_compat library must be used if it is less than 5.5). Since the password_hash function has helped you deal with the salt, as a random string of salt, the encryption algorithm has become a part of the hash. The password_verify () function automatically extracts the salt from the hash, so you do not need to consider the storage of salt.

For the communication interface signature, use an asymmetric algorithm to encrypt the signature key, set the key validity period, and change regularly.

If you have any questions or suggestions, you can scan the QR code below or search for [phpjiago ushier], follow my public account [PHP architect], and interact with me.