PHP Classes

Unclear text

Subject: Unclear text
Summary: Some of the text is unclear (misleading?)
Messages: 2
Author: Sam Spickle
Date: 2020-06-19 12:41:23
 

  1. Unclear text
Sam Spickle - 2020-06-19 12:41:23
A good article overall, and looks like it could be a good class - perhaps for a project I'm working with.

However, a couple statements in this article are unclear - if not misleading, which makes me wonder about the class itself.

First, you say "If this encryption algorithm ever becomes compromised, the class will default to a newer and stronger algorithm." That sounds 'wonderful', yet also 'mystical' (just where/how does the class 'know' the algorithm became compromised? does it poll a server/service somewhere? is that secure, or leaking my data??)

Then, you state "...new data you encrypt will automatically gain the use of the latest in crypto ciphers. All you will need to do is update your PHP Simple Encryption library." - oh, then what happened to the "default to a newer and stronger" bit??? and, where is that "automatically" part if I have to update the library???

The text simply is not clear, and as I said, I feel it is a bit misleading (or perhaps 'salesy' is a better term.... :)



  2. Re: Unclear text
John Conde - 2020-06-19 14:35:08 - In reply to message 1 from Sam Spickle
Sam,

Reading your comments it seems you are making an assumption that the library will automagically do all of these things for us. That obviously is not the case.

When a default cipher is deemed no longer safe, or a better alternative comes along, the library will be updated to use a new cipher as the default cipher. This takes the onus of keeping abreast of the state of encryption out of the hands of users of this library, which is the point as this library is designed to help solve the problem of developers using encryption without actually understanding it.

Changing ciphers means users of the library will need to update their code to handle encrypted data that uses different ciphers, assuming they choose to always use the default. Of course they can continue to use the former default cipher for as long as they choose simply by explicitly declaring it when creating the encryption object.

If they wish to update their encrypted data to use the new cipher they can do so either through a script or incrementally as the data is accessed by their system.

Either way software maintenance is part of the technical debt every application incurs simply by existing.
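
The incremental migration described in message 2, sketched as an added example that is not part of the thread and not PHP Simple Encryption's own code or API. The cipher ids, the envelope layout (id, IV, tag, ciphertext) and every function name are assumptions made for illustration, and `aes-128-gcm` only stands in for "the former default".

```php
<?php
// Cipher ids, names and envelope layout are constructed for this example.
const CIPHERS = [1 => ['aes-128-gcm', 16], 2 => ['aes-256-gcm', 32]]; // id => [algo, key bytes]
const CURRENT = 2; // the "default"; id 1 stands in for the former default

function keyFor(string $master, int $id): string {
    // Separate key per cipher id, derived from one master secret.
    return hash_hkdf('sha256', $master, CIPHERS[$id][1], "cipher-$id");
}

function seal(string $plain, string $master, int $id = CURRENT): string {
    [$algo] = CIPHERS[$id];
    $iv = random_bytes(openssl_cipher_iv_length($algo));
    $hdr = chr($id); // cipher id travels with the data and is authenticated as AAD
    $ct = openssl_encrypt($plain, $algo, keyFor($master, $id), OPENSSL_RAW_DATA, $iv, $tag, $hdr);
    if ($ct === false) throw new RuntimeException('encryption failed');
    return base64_encode($hdr . $iv . $tag . $ct);
}

function unseal(string $blob, string $master): array {
    $raw = base64_decode($blob, true);
    $id = ($raw !== false && $raw !== '') ? ord($raw[0]) : 0;
    if (!isset(CIPHERS[$id])) throw new RuntimeException('unknown cipher id');
    [$algo] = CIPHERS[$id];
    $n = openssl_cipher_iv_length($algo);
    if (strlen($raw) < 1 + $n + 16) throw new RuntimeException('truncated envelope');
    $plain = openssl_decrypt(substr($raw, 1 + $n + 16), $algo, keyFor($master, $id),
        OPENSSL_RAW_DATA, substr($raw, 1, $n), substr($raw, 1 + $n, 16), $raw[0]);
    if ($plain === false) throw new RuntimeException('authentication failed');
    return [$plain, $id];
}

// Incremental migration: re-encrypt a record under CURRENT the first time it is read.
function readAndUpgrade(array &$store, string $key, string $master): string {
    [$plain, $id] = unseal($store[$key], $master);
    if ($id !== CURRENT) $store[$key] = seal($plain, $master);
    return $plain;
}

$master = random_bytes(32); // constructed; a real key comes from a secret store
$store = ['row1' => seal('constructed sample record', $master, 1)]; // written under the old default
echo readAndUpgrade($store, 'row1', $master), "\n";
echo 'cipher id now: ', ord(base64_decode($store['row1'])[0]), "\n";
```

The "through a script" option is the same `readAndUpgrade` call run in a loop over every stored record; once no record carries id 1, that entry can be dropped from the table.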