

Using libsodium to upgrade the comment key system

I've blogged about the comment key system I utilise on this blog to prevent spam before (see also). Today, I've given it another upgrade to make it harder for spammers to fake a comment key!

In the last post, I transformed the comment key with a number of reversible operations - including a simple XOR password system. This is, of course, very insecure - especially since an attacker knows (or can at least guess) the content of the encrypted key, making it trivial (I suspect) to guess the password used for 'encryption'. The solution here, obviously, is to utilise a better encryption system.

Since it's the 5th November and I'm not particularly keen on my website going poof like the fireworks tonight, let's do something about it! PHP 7.2+ comes with native libsodium support (those still using older versions of PHP can still follow along! Simply install the PECL module).

libsodium bills itself as a modern, portable, easy to use crypto library. After my experiences investigating it, I'd certainly say that's true (although the official PHP documentation could do with, erm, existing).
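As an added illustration of what "a better encryption system" looks like in practice (this is example code, not the blog's own implementation), the block below generates and verifies a comment key with libsodium's authenticated encryption, `sodium_crypto_secretbox`, on PHP 7.2+. Unlike the XOR scheme, the output is keyed with a random 32-byte secret, uses a fresh random nonce per key, and carries a Poly1305 tag, so a spammer who knows exactly what the plaintext is still cannot forge a key or recover the secret from it; any tampered key fails the tag check in `sodium_crypto_secretbox_open`. Assumptions made here: the secret lives in a file outside the web root (path `comment-key.secret`), the plaintext inside the key is a creation timestamp, and keys expire after 24 hours; the original post does not specify any of these.

```php
<?php
// Added example, not code from the original post.
// Comment keys built with libsodium's secretbox (XSalsa20-Poly1305) on PHP 7.2+.
// Assumptions: secret stored in a file outside the web root; the payload inside
// the key is a creation timestamp; keys are valid for COMMENT_KEY_MAX_AGE seconds.

declare(strict_types=1);

const COMMENT_KEY_MAX_AGE = 24 * 60 * 60; // assumed validity window, in seconds

/** Load the 32-byte secret from disk, generating it on first use. */
function load_comment_key_secret(string $path): string
{
    if (!is_file($path)) {
        $key = sodium_crypto_secretbox_keygen();            // 32 random bytes
        file_put_contents($path, $key, LOCK_EX);
        chmod($path, 0600);                                 // readable by the web user only
    }
    $key = file_get_contents($path);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('comment key secret is missing or has the wrong length');
    }
    return $key;
}

/** Produce a comment key: base64url(nonce || secretbox(timestamp)). */
function generate_comment_key(string $secret, int $now): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh 24-byte nonce per key
    $ciphertext = sodium_crypto_secretbox((string) $now, $nonce, $secret);
    return sodium_bin2base64($nonce . $ciphertext, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

/** Verify a submitted comment key. Returns the embedded timestamp, or null if invalid or expired. */
function verify_comment_key(string $secret, string $key, int $now): ?int
{
    try {
        $raw = sodium_base642bin($key, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;                                        // not valid base64url
    }
    if (strlen($raw) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;                                        // too short to hold nonce + tag
    }
    $nonce      = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);

    // Returns false when the tag does not verify (tampered ciphertext, wrong nonce or wrong key).
    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $secret);
    if ($plaintext === false || !ctype_digit($plaintext)) {
        return null;
    }
    $issued = (int) $plaintext;
    if ($issued > $now || $now - $issued > COMMENT_KEY_MAX_AGE) {
        return null;                                        // from the future, or expired
    }
    return $issued;
}

// Usage from the command line: issue a key, verify it, then show a tampered copy being rejected.
$secret = load_comment_key_secret(__DIR__ . '/comment-key.secret');
$key    = generate_comment_key($secret, time());
var_dump(verify_comment_key($secret, $key, time()));

$tampered = substr($key, 0, -1) . ($key[-1] === 'A' ? 'B' : 'A'); // flip the last character
var_dump(verify_comment_key($secret, $tampered, time()));

sodium_memzero($secret);                                     // wipe the secret from memory when done
```

The nonce is not secret and travels in the key itself; what must stay secret is the file loaded by `load_comment_key_secret`, so keep it outside the document root and exclude it from backups or version control that spammers could reach. The expiry check is what stops an old but genuine key from being replayed indefinitely, so the secretbox tag and the timestamp together do the work the XOR "password" was meant to do.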
