Archive for November, 2013

Timoh’s Blog: Aggressive password stretching – A solution to the low-entropy keys problem?

While not specifically related to PHP, this new post from Timoh looks at the idea of “aggressive password stretching” to help with a common problem in password-based systems – the poor choice of passwords from the application’s users.

Practically speaking, “weak” means a user generated password will not contain enough guessing entropy to resist an adversary who managed to gain the user database dump, and who is able to run efficient offline attack against leaked hashes. Here comes in the need to make adversary’s job harder, which is achieved by using the above-named algorithms.

He doesn’t talk much about the actual password hashing itself, instead focusing on password stretching – the addition of more information not from the user (usually an automated source) to increase the password’s entropy. He goes through some of the math about how much extra work this method requires of an attacker and some of the problems that can come with it. He also talks about how much time should be spent hashing passwords and suggests that it’s “a matter of finding a sweet spot between you and attacker’s patience and the security gain” and not just about the security.

A bit more on the PHP-specific side, he briefly looks at the password_hash function and some of the defaults the more current frameworks use (hint: bcrypt all the things).

Proper password hashing is clearly not enough to make sure the password hashes are not weak. The other half of the job is a good password policy. No algorithm or setting will save passwords like “password” or “12345” etc. This is why we need to make sure the user’s password will initially contain enough entropy itself.

Link: http://timoh6.github.io/2013/11/26/Aggressive-password-stretching.html
Source: http://www.phpdeveloper.org/news/20454

Community News: Packagist Latest Releases for 11.29.2013

Recent releases from the Packagist:

Source: http://www.phpdeveloper.org/news/20453

Site News: Popular Posts for the Week of 11.29.2013

Popular posts from PHPDeveloper.org for the past week:

Source: http://www.phpdeveloper.org/news/20452

SitePoint PHP Blog: Imagick vs GD

In a new post to the SitePoint PHP blog Jacek Barecki has written up a comparison of two of the most widely used PHP image manipulation libraries – Imagick and GD.

If you want to create a thumbnail, apply a filter to an image or transform it in any other way, you will have to employ an image processing library in your PHP application. It means that you will probably choose GD or ImageMagick. But which one supports a wider range of image formats? Maybe one of them is slower than the other? What other criteria should be taken under consideration when choosing the right library?

He compares them on a few different aspects:

  • Availability
  • Supported file types
  • Functionality
  • Performance
  • Coding style
  • Popularity

He also provides three alternatives to using GD or Imagick, most involving outside services or software.

Link: http://www.sitepoint.com/imagick-vs-gd/
Source: http://www.phpdeveloper.org/news/20451

Qandidate.com: Setting up XHProf/XHGui profiling with Ansible

On the Qandidate.com blog there’s a new post showing how to set up the PHP profiling tool XHProf/XHGui using Ansible for setup and configuration. Ansible is a radically simple IT orchestration engine that makes your applications and systems easier to deploy.

Once in a while I think about profiling my web applications to see if I can get them to run faster. There are cool tools out there like XHProf and XHGUI to help you do exactly that. And then I remember it took me quite some time to get it all set up… But now that I’ve started using Ansible I decided to document the set up process and share it with you. Today I will walk you through my Ansible role for setting up everything you need for profiling your first PHP script.

He starts with a checklist of things to be sure you have installed first (including XHProf and XHGui) and links to his yml configuration to run a “profiling” command. An example of the result (the XHGui HTML output) is also included.

Link: http://labs.qandidate.com/blog/2013/11/28/setting_up_xhprof_xhgui_profiling_with_ansible/
Source: http://www.phpdeveloper.org/news/20450
