Select a suitable password library for your PHP program

It is not a magic to select a suitable KeyStore cryptography for your PHP program. Encrypting an application does not guarantee its security under attack (especially when you have not set the verification ciphertext ). However, if you want to ensure program Security for business purposes, we recommend that you do not design your own password. You should use the existing password library.

Now, I understand all of the above. Which PHP password library should I use?

It depends on your actual needs. Let's take a look at some good options. (We won't mention any bad password library .)

Secure PHP password library

The following is a list of PHP cryptographic libraries that can be deployed in production environments with high security trust. This list is prioritized based on the following criteria.

1. If correct, how secure is the password library?
2. How difficult is risky behavior?
3. What is the ultimate simplicity of a non-password-cracking translator?

Halite-from Paragon Initiative receivises

We recommend this password library not only because it is self-written, but also because you can obtain all the security protection using libsodium through simple and intuitive interfaces. This is a free software, and the source code can be directly obtained.

Benefits of using Halite

• Main Line

• Symmetric key authentication encryption
• Symmetric key authentication (for example, API messages)
• Asymmetric key authentication encryption
• Asymmetric key anonymous encryption
• Asymmetric Key Digital signature

• Full file encryption (see all main line features)

• Encrypt cookies

• Password storage

• You do not need to know what the current value is or pay special attention to authentication encryption. Halite will help you do everything well.

We created Halite for PHP developers to obtain all the security advantages extended by libsodium through a simpler interface. You can see how easy it is to use Halite files. (Although the API is fixed, the Halite help file is still incomplete. However, it is sufficient to cover entry-level content .)

The only drawback is that you must install the libsodium extension package of PHP to use Halite. Therefore, for many projects, the Halite method does not work.

Installation Guide:

1. Install the libsodium extension package of PHP
2. Paragoniehalite is required'

Obviously, if you do not like our decision on Halite, you can consider using libsodium directly.

Advantages of using libsodium

• Symmetric key encryption authentication (same as AEAD)

• Symmetric key authentication

• Asymmetric key authentication and encryption

• Asymmetric key anonymous encryption

• Asymmetric key digital signature

• Encryption hash function

• Password storage

• Swiss Army-based cryptographic primitives (for example, the elliptic curve of the Diffe-Hellman key exchange protocol based on Curve25519)

• Memory cleanup (zero-padding) in PHP

• More

Please pay tribute to Frank Denis and the group that created NaCl (libsodium), because libsodium has always been the most reliable and cross-platform cryptographic library in the world.

Installation Guide

See related files.

PHP Encryption-from Defuse Security

If you cannot install the PHP extension package from PECL (that is, libsodium will never be installed), this KeyStore should be your alternative. Generally, whatever solution your framework provides, you should give priority to it, because our security team often finds the defect of the symmetric key encryption function provided by the PHP framework.

Advantages of using Defuse Security's PHP KeyStore:

• Encryption Ric-key authenticated encryption

• Symmetric key authentication and encryption

It solves a problem most people will encounter (and it is very good ). The second version of the password library (coming soon !) It will also cover full file encryption, but since it has not yet been released, we cannot add this item.

Phpseclib-Jim Wiginton, et al. (for RSA only)

If you must install symmetric key encryption, use the above Defuse password library. The Defuse Security password library provides you with authentication encryption, while the AES implementation of phpseclib does not verify the ciphertext. Therefore, if you use it, your resistance to select ciphertext attacks will be very weak. (Their interaction files are also prone to severe errors in ECB mode, which is the worst group password mode we have mentioned .)

Although phpseclib provides a low API level for the general symmetric key encryption method, we do not want to recommend it to PHP developers who do not have a cryptographic background, however, extopenssl provides a better asymmetric key encryption method.

If you insist that you must use asymmetric key encryption (public key encryption, electronic signature) and cannot use libsodium for various reasons, you should consider installing phpseclib, and strictly follow the correct answer to the password algorithm proposed by Colin Percival.

Special note

• RSA encryption algorithm: RSA-OAEP (Optimal Asymmetric Encryption fill), first consider $ rsa-setMGFHash ('sha256 ')
• RSA signature encryption: RSA-PSS (probabilistic signature scheme), again explicitly specifying the use of MGF1 + SHA256

If you happen to be a cryptography expert, you can ignore our warning information and use the symmetric key encryption method provided by phpseclib. However, for most programmers who are not cryptographic experts, it is best not to ignore our prompts.

Advantages of using PHPSecLib:

• Symmetric key authentication (via HMAC key, which is also provided by PHP)
• Asymmetric key anonymous encryption (RSA)
• Asymmetric key electronic signature method (RSA)

Update content () Easy RSA

After this blog is published, we have developed the plug-in installation package EasyRSA. EasyRSA is a type of phpseclib that is determined in the direction and configured with security by default.

EasyRSA encryption process

Problem: RSA is used to encrypt a large string, even though RSA itself does not support data encryption.

The original solution is to split the string you entered into blocks and encrypt them separately. However, this is very similar to the terrible ECB model. Similarly, its processing process is also very slow. This is a very bad solution.

Our solutions

• Generate a temporary key

• Use the Defuse Security PHP symmetric key to encrypt your message in the KeyStore.

• Use an existing RSA public key to encrypt a temporary key (a good method to defend against padding using les attacks)

• It is based on 64-bit encoding and uses the version tag prefix to connect to the ciphertext.
• Append the checksum (the hash SHA256 encryption algorithm intercepted) in step 4 to enhance the transmission storage error detection capability.

To decrypt a message

1. Verification and version marking
2. Use the correct RSA private key to decrypt the temporary key
3. Use the decryption key obtained in the previous step to obtain the plaintext.

EasyRSA only uses RSAES-OAEP + MGF1-SHA256 with e = 65537 for public key encryption, known to be this encryption method is good resistance to any padding oracle attack.

EasyRSA signature method

The RSA signature method is relatively straightforward: calculate the RSA signature using RSASS-PSS + MGF1-SHA256 with e = 65537, and then verify that it is set to accept this signature only.

But seriously, if you really want to find a secure encryption method for your PHP program, try to find a method that can use libsodium. We are promoting libsodium to become the core expansion package in PHP7.1, so we hope it will be as simple as "updating PHP" in the future.

What other cryptographic libraries are recommended for the PHP encryption library we provide?

Any reason for unelection of password libraries not mentioned above can be explained by the following three possible reasons:

1. We reviewed the password library, but it is not enough for us to make recommendations. (It is possible that we have informed creators that their password inventory is defective so that they can improve it .)
2. The password library is too narrow (for example, Crypt GPG), or although secure, it is not related to the extensive use of encryption.
3. We are too busy to review the password library. (We may not know the existence of this password library .)

If you are interested in the password library that we identify as defective, please refer to the security suggestions page for more information.

In PHP, how should we encrypt the password?

You do not need to encrypt the password. you only need to use a suitable hash algorithm (hash algorithm) to confuse the password. One of the current best cryptographic libraries is the built-in PHP: password hash () andpasswordverify (). This hash algorithm is stable and effective for 99% programmers or enterprises. This algorithm is so good.

However, if you store passwords in your database on different servers of your web application, you can reduce the risk of password intrusion by encrypting the hash (instead of encrypting the password itself. To use this method, view the Halite password course.

Important security suggestion Disclaimer

Although we have hired some top experts in the PHP Development security industry (and we are dedicated to application cryptography), without understanding your specific project requirements and risk models, when writing this guide, they cannot guide you to select the most suitable solution.

Therefore, if, for example, you need to use the asymmetric encryption algorithm and choose to use the Defuse Security symmetric encryption password library, do not say "Paragon Initiative encryption ISES let me do this !"

If you want to obtain our security suggestions based on your specific project, please consider hiring us for security consulting services.

Or, in legal terms, the information in this article does not provide any guarantee and is at your own risk.

Original article address: Choosing the Right Cryptography Library for your PHP Project: A Guide

This article is compiled by OneAPM engineers. OneAPM is an emerging leader in the application performance management field. it helps enterprise users and developers easily achieve slow real-time crawling of program code and SQL statements. For more technical articles, visit the official OneAPM blog.