Appendix C. Cryptography
In a book about security, cryptography is an expected topic. I have chosen to neglect cryptography in the majority of the book because its purpose is narrow, and developers need to pay attention to the big picture. Relying on encryption is often a red herring. It serves its purpose well, but encrypting something doesn't magically make an application secure.
The key types of cryptography with which a PHP developer should be familiar are as follows:
Symmetric cryptography
Asymmetric (public key) cryptography
Cryptographic hash functions (message digests)
Message authentication codes (MACs)
The majority of this appendix focuses on symmetric cryptography using the mcrypt extension. Other good resources that you should review are as follows:
Applied Cryptography, by Bruce Schneier (Wiley)
http://www.schneier.com/blog/
http://wikipedia.org/wiki/Cryptography
http://phpsec.org/articles/2005/password-hashing.html
http://pear.php.net/package/Crypt_HMAC
http://pear.php.net/package/Crypt_RSA