Cryptography has been a central topic in the field of Web security. One of the aspects that concern many web masters – cryptographically crafted passwords – has just turned into a hot spot. Several beloved PHP projects are about to get nicer with cryptography.
Scott Arciszewski from Paragon Initiative Enterprises and other members of the open source community have been working on increasing the security in PHP applications. These changes are about to be implemented in popular projects such as WordPress, Laravel, and Symfony.
WordPress 4.4, Laravel 5.2 and Symfony 2.8 will soon have the built-in support for CSPRNG, or Cryptographically Secure PseudoRandom Number Generator.
What is CSPRNG and how does it work?
CSPRNG is a random number generation algorithm designed to be used for cryptographic purposes. The use of such algorithms is highly recommended because they generate true random numbers with a high level of entropy. In other words, those numbers will be much harder to crack in brute-force attacks.
Scott Arciszewski believes that the lack of a decent random number generation system in the open-sources Facebook SDK (software development kit) should inspire experts to contribute. At least that’s what inspired him. What he did first is recommend a plan for Facebook developers to improve the SDK. Then, he took 2 cryptographically safe functions, added them to PHP 7 and ported them to work on PHP 5.x.
random_compat library included in the code base of WordPress
WordPress, Laravel, and Symfony have already integrated the random_compat library in their code base. However, Joomla is a bit behind with the cryptography practices.
Arciszewski has recently told Softpedia that:
‘JCrypt is Joomla’s cryptography library and it handles a lot of things, from symmetric-key encryption to password authentication,’ adding that, ‘Their legacy password authentication (pre-bcrypt) is vulnerable to (…) a ‘magic hash’ vulnerability (…).’
Those aren’t the only issues the Joomla dev team will have to handle, which is a pity, since the Joomla platform is quite popular.
Learn more from Arciszewski’s blog post.
References
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: