php[tek] 2108 - Cryptography Advances in PHP 7.2
•
0 recomendaciones•246 vistas
There were some pretty substantial cryptography advances in PHP 7.2. Most of these changes were made to make advanced cryptography easier to use. That’s a good thing for developers and end users alike. The addition of libsodium is a game changer. It makes synchronous and asynchronous cryptography a no-brainer and adds better hashing than we've ever had. Argon2i for passwords is pretty substantial as well. We’ll go over the changes and have some practical examples of each. Developers need to know about these advances and just how awesome they are.
![@adam_englander
PHP[TEK] 2018
Wifi:
Sheraton Conference
Pass: phptek2018
Twitter:
#phptek
Rate the Talks
https://joind.in/event/phptek-2018](https://image.slidesharecdn.com/phptek2108-cryptographyadvancesinphp7-180601213135/85/php-tek-2108-Cryptography-Advances-in-PHP-7-2-1-320.jpg)
Recomendados
Más contenido relacionado
La actualidad más candente
Similar a php[tek] 2108 - Cryptography Advances in PHP 7.2
Similar a php[tek] 2108 - Cryptography Advances in PHP 7.2 (20)
Más de Adam Englander
Más de Adam Englander (20)
Último
Último (20)
php[tek] 2108 - Cryptography Advances in PHP 7.2
- 1. @adam_englander PHP[TEK] 2018 Wifi: Sheraton Conference Pass: phptek2018 Twitter: #phptek Rate the Talks https://joind.in/event/phptek-2018
- 2. @adam_englander Cryptography Advances in PHP 7.2 Adam Englander Software Architect, iovation
- 3. @adam_englander Half of the changes identified in the PHP7.2.0 release announcements were related to cryptography.
- 4. @adam_englander SSL is Dead! Long live TLS!
- 5. @adam_englander Streams ssl:// is now an alias of tls://
- 6. @adam_englander Steam Defaults STREAM_CRYPTO_METHOD_TLS_SERVER, STREAM_CRYPTO_METHOD_TLS_CLIENT, and tls:// default to TLSv1.0 + TLSv1.1 + TLSv1.2 Instead of TLSv1.0 only
- 10. @adam_englander Easy, Secure, and Fast
- 12. @adam_englander Opinionated for your pleasure
- 14. @adam_englander Does a Lot of Heavy Lifting
- 15. @adam_englander Secure Like the Phantom Zone
- 19. @adam_englander Constant-Time Test for Equality "abcdefg" == "hijklmnop" sodium_memcmp("abcdefg", "hijklmnop") "abcdefg" == "abcdefq" sodium_memcmp("abcdefg", "abcdefq")
- 20. @adam_englander String Memory Overwrite sodium_memzero($value); $value = "000000"; $value = "secret";
- 21. @adam_englander Fast Like the Millennium Falcon
- 24. @adam_englander Key Derivation a.k.a. password hashing
- 28. @adam_englander Time based rather count based iterations
- 30. @adam_englander Exposed via Password Function
- 33. @adam_englander Blake2b for data validation
- 34. @adam_englander SipHash-2-4 for short hashes
- 35. @adam_englander Symmetric Key Encryption a.k.a secret key encryption
- 40. @adam_englander AES256-GCM if you like pain
- 41. @adam_englander Asymmetric Key Cryptography a.k.a. public key encryption
- 43. @adam_englander Signatures can be attached or detached
- 47. @adam_englander Key Exchange Use with care!
- 50. @adam_englander Key Generation $keyPair = sodium_crypto_box_keypair();
- 51. @adam_englander Getting Public/Private Key Pairs $secretKey = sodium_crypto_box_secretkey( $keyPair); $publicKey = sodium_crypto_box_publickey( $keyPair);
- 52. @adam_englander Creating Mixed Key Pairs sodium_crypto_box_keypair_from_secretkey_and_publickey( $mySecretKey, $theirPublicKey );
- 53. @adam_englander Encryption $nonce = random_bytes( SODIUM_CRYPTO_BOX_NONCEBYTES); $ciphertext = sodium_crypto_box( "Hello ,World!", $nonce, $keyPair);
- 54. @adam_englander Decryption $plaintext = sodium_crypto_box_open( $ciphertext, $nonce, $keyPair);
- 56. @adam_englander Key Generation $keyPair = sodium_crypto_sign_keypair();
- 57. @adam_englander Getting Public/Private Key Pairs $secretKey = sodium_crypto_sign_secretkey( $keyPair); $publicKey = sodium_crypto_sign_publickey( $keyPair);
- 58. @adam_englander Signing $signedMsg = sodium_crypto_sign( "Hello, World!", $secretKey );
- 59. @adam_englander Signature Verification $originalMsg = sodium_crypto_sign_open( $signedMsg, $publicKey ); if ($originalMsg === false) { throw new Exception("Fail!"); }
- 61. @adam_englander Standard Hash $h = sodium_crypto_generichash("Msg"); print base64_encode($h); URvIHd4RGAg4xWLIK7NfMiP0YGHr3kqVXCez9InPHgM=
- 62. @adam_englander Signed Hash $key = random_bytes( SODIUM_CRYPTO_GENERICHASH_KEYBYTES); $h = sodium_crypto_generichash( "Msg", $key); print base64_encode($h); /qV2j5MfGBjJ9g60PQnnQYSt1Y/1csjJzq37C1pE4SE=
- 63. @adam_englander Short Hash $key = random_bytes( SODIUM_CRYPTO_SHORTHASH_KEYBYTES); $h = sodium_crypto_shorthash( "Msg", $key); print base64_encode($h); eCTWVTKkkKw=
- 65. @adam_englander Create KDF Hash $hash = sodium_crypto_pwhash_str( 'Password', SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE ); print base64_encode($hash); $argon2id$v=19$m=65536,t=2,p=1$qCcD3BqZjmbYEFMKxgsUjA$5BzYYNuACwp3Zq p29QnT9upRxVZykU/P8isst91uKYE==
- 68. @adam_englander Create Password Hash $hash = password_hash( 'Password', PASSWORD_ARGON2I ); $argon2i$v=19$m=1024,t=2,p=2$WW15cG1NLjR0cXZET3Nzeg$ImFwKTaVgDHme95M ROV5S9ssG+e458gdpLz9Cwwiba8