random_compat, Cryptographic Passwords in WordPress, PHP Applications

Cryptography has been a central topic in the field of web security. One of the aspects that concerns many webmasters, cryptographically generated passwords, has just become a hot spot. Several beloved PHP projects are about to get nicer with cryptography.

Scott Arciszewski from Paragon Initiative Enterprises and other members of the open source community have been working on increasing the security in PHP applications. These changes are about to be implemented in popular projects such as WordPress, Laravel, and Symfony.

WordPress 4.4, Laravel 5.2 and Symfony 2.8 will soon have built-in support for a CSPRNG, or Cryptographically Secure PseudoRandom Number Generator.

What is CSPRNG and how does it work?

A CSPRNG is a random number generation algorithm designed to be used for cryptographic purposes. The use of such algorithms is highly recommended because they generate true random numbers with a high level of entropy. In other words, those numbers will be much harder to crack in brute-force attacks.

Scott Arciszewski believes that the lack of a decent random number generation system in the open-source Facebook SDK (software development kit) should inspire experts to contribute. At least that’s what inspired him. The first thing he did was recommend a plan for Facebook developers to improve the SDK. Then, he took 2 cryptographically safe functions, added them to PHP 7 and ported them to work on PHP 5.x.
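The following is an added example, not code from the article or from the random_compat project. It assumes the two functions are `random_bytes()` and `random_int()`, which PHP 7 provides natively and random_compat polyfills on PHP 5.x; the helper names and the alphabet are hypothetical. It contrasts a token built on `mt_rand()` with CSPRNG-backed tokens and passwords.

```php
<?php
// Assumption: on PHP 5.x the paragonie/random_compat polyfill is installed
// through Composer; uncomment the autoloader line in that case.
// require 'vendor/autoload.php';

// Weak, shown for contrast: mt_rand() is a Mersenne Twister, not a CSPRNG,
// and uniqid() is derived from the current time.
function weak_reset_token()
{
    return md5(uniqid(mt_rand(), true));
}

// Strong: 32 bytes (256 bits) from the OS CSPRNG, hex-encoded for URLs.
function reset_token($bytes = 32)
{
    return bin2hex(random_bytes($bytes));
}

// Random password drawn from an alphabet. random_int() is uniform over
// [min, max], so there is no modulo bias as with "rand() % n".
function random_password($length = 20, $alphabet = null)
{
    if ($alphabet === null) {
        // Constructed sample alphabet without look-alike characters.
        $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    }
    $max = strlen($alphabet) - 1;
    if ($length < 1 || $max < 1) {
        throw new InvalidArgumentException('length and alphabet are too small');
    }
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

try {
    echo reset_token(), PHP_EOL;
    echo random_password(), PHP_EOL;
} catch (Exception $e) {
    // Both functions throw when no secure source is available: fail closed
    // instead of falling back to mt_rand().
    fwrite(STDERR, 'Token generation failed: ' . $e->getMessage() . PHP_EOL);
    exit(1);
}
```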

random_compat library included in the code base of WordPress

WordPress, Laravel, and Symfony have already integrated the random_compat library in their code base. However, Joomla is a bit behind with its cryptography practices.

Arciszewski has recently told Softpedia that:

‘JCrypt is Joomla’s cryptography library and it handles a lot of things, from symmetric-key encryption to password authentication,’ adding that, ‘Their legacy password authentication (pre-bcrypt) is vulnerable to (...) a ‘magic hash’ vulnerability (...).’

Those aren’t the only issues the Joomla dev team will have to handle, which is a pity, since the Joomla platform is quite popular.

Learn more from Arciszewski’s blog post.

References

Softpedia

Milena Dimitrova
