Subject: This package does NOT encrypt data.
Summary: Package rating comment
Messages: 3
Author: John Conde
Date: 2023-10-26 12:30:40

John Conde rated this package as follows:
Utility: Bad
Consistency: Not sure
Documentation: Insufficient
Examples: Insufficient
Tutorial videos: Insufficient

John Conde - 2023-10-26 12:30:40
This package does NOT encrypt data. It HASHES it. They are not the same thing. Data can only be hashed and is not reversible. This means once you hash it you cannot get that data back out!
It also uses poor security practices as the hash is hardcoded into the package. This should be unique for all sites and, even more importantly, all hashes. By making the key hardcoded and public, bad actors can attack encrypted data with a rainbow table attack.
This package does not work, and if used anyway, is insecure. It should not be used.
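
Added example (not part of this thread and not the package's code): the point in the message above about a value hardcoded in a public package being shared by every site and every hash, shown next to a per-record random salt. The constant `HARDCODED_SALT`, the function names, the use of SHA-256 and PBKDF2, and the sample value are all assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical stand-in for a value shipped inside a public package.
HARDCODED_SALT = b"value-published-in-the-package-source"
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed for this example)


def hash_with_shared_salt(value: str) -> str:
    """Weak pattern: every site and every record uses the same public salt."""
    return hashlib.sha256(HARDCODED_SALT + value.encode()).hexdigest()


def hash_with_record_salt(value: str) -> tuple[bytes, bytes]:
    """Stronger pattern: a fresh random salt is generated and stored per record."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", value.encode(), salt, ITERATIONS)
    return salt, digest


def verify(value: str, salt: bytes, digest: bytes) -> bool:
    """A hash can only be recomputed and compared; it is never decrypted."""
    candidate = hashlib.pbkdf2_hmac("sha256", value.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    secret = "constructed-sample-value"  # constructed input, not real data
    site_a = hash_with_shared_salt(secret)  # what one site would store
    site_b = hash_with_shared_salt(secret)  # what an unrelated site would store
    salt_a, rec_a = hash_with_record_salt(secret)
    salt_b, rec_b = hash_with_record_salt(secret)
    return {
        # Same digest everywhere: one precomputed table fits all installs.
        "shared_salt_digests_match": site_a == site_b,
        # Different digest per record: no single table applies.
        "record_salt_digests_match": rec_a == rec_b,
        "verifies": verify(secret, salt_a, rec_a),
        "wrong_value_verifies": verify("other", salt_b, rec_b),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The stored record in the per-record case is the pair (salt, digest); neither function offers a way to get the original value back, only to check a candidate against it.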
Rodrigo Faustino - 2023-10-27 00:47:16 - In reply to message 1 from John Conde
It seems like you didn't understand the purpose of the package. It is for asymmetric encryption, where it hides the data in the database and shows it in the application, and the key can be composed by other methods at the discretion of the owner of the website or application. You are right when symmetric encryption cannot be reversed, but the purpose of asymmetric is to enable reversal.
Rodrigo Faustino - 2023-10-27 00:52:33 - In reply to message 2 from Rodrigo Faustino
Sorry for the error in translation: when I wrote symmetrical with a key, it appeared asymmetrical, which uses a public and private key. In "symmetrical" it uses a single key to encrypt and describe, and this single key must be kept safe, so the owner of the site can use their key protection methods, but I reaffirm that the purpose is only to hide the data in the database.