librelist archives

« back to archive

Change in the default encryption mode - Backward incompatible

Change in the default encryption mode - Backward incompatible

Loic d'Anterroches
2011-03-16 @ 11:10

As I am slowly learning about cryptography, I finally found what should
be done for cryptography, hashing and signing:

- signing: hmac with sha1 algorithm.
- hashing (passwords): crypt with blowfish algorithm.
- encryption/decryptino: twofish with CFB mode.

Signing is done and good. Hashing is not yet used in Photon, so nothing
to worry about, we will just use the right way right from the start.

Encryption is bad, we are using twofish and ecb mode to not have to use
an initialisation vector to save space for encrypted cookies in the
session storage. This is stupid. I am going to add a cookie with the IV
(it is not a problem to have it publicly available) and this will allow
us to have a really robust system.

Yes, I want all the crypto stuff to be top notch for Photon to sleep
well at night.


Indefero - Project management and code hosting -
Photon - High Performance PHP Framework -
Céondo Ltd - Web + Science = Fun -