A common problem in PHP is creating cryptographically secure tokens for user authentication. Think “remember me” and password reset features. Functions like rand(), mt_rand() and uniqid() simply aren’t enough. And, without tokens that are infeasible to guess, it’s only a matter of time before an attacker breaks your authentication and gets into your application.
Fortunately, PHP 5.6 and 7 have added the functions we need to create cryptographically secure tokens, prevent timing attacks and mitigate the damage of a data breach. All of that in this episode.
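To make the episode's points concrete, here is an added example (not code from the episode or from the linked articles) that puts random_bytes() and hash_equals() together in a "remember me" flow using the selector/validator split the linked Paragon article describes. It assumes PHP 7.1+ (or PHP 5.x with random_compat for random_bytes()); the function names, the 12/32-byte sizes and the in-memory array standing in for a database table are choices made for this illustration.

```php
<?php
// Added example: issue and verify a "remember me" token with
// random_bytes() (unpredictable material) and hash_equals() (constant-time
// comparison). The $store array below stands in for a database table;
// function and field names are constructed for this example.

declare(strict_types=1);

/**
 * Issue a new token. Returns [cookieValue, recordToStore].
 * The cookie carries selector + validator; the server stores only a hash of
 * the validator, so a copy of the database alone does not yield valid cookies.
 */
function issueRememberMeToken(int $userId, int $ttlSeconds = 2592000): array
{
    $selector  = bin2hex(random_bytes(12)); // 96-bit lookup key, not secret
    $validator = random_bytes(32);          // 256-bit secret, sent only to the client

    $record = [
        'selector' => $selector,
        'hash'     => hash('sha256', $validator), // never store the raw validator
        'user_id'  => $userId,
        'expires'  => time() + $ttlSeconds,
    ];
    $cookie = $selector . ':' . bin2hex($validator);
    return [$cookie, $record];
}

/**
 * Verify a cookie against stored records. Returns the user id, or null
 * on any failure. $lookup maps selector => record (a stand-in for a query).
 */
function verifyRememberMeToken(string $cookie, array $lookup): ?int
{
    $parts = explode(':', $cookie, 2);
    // Reject malformed input before touching storage: two fields, and a
    // validator that is exactly 64 hex characters (32 bytes).
    if (count($parts) !== 2 || strlen($parts[1]) !== 64 || !ctype_xdigit($parts[1])) {
        return null;
    }
    [$selector, $validatorHex] = $parts;

    $record = $lookup[$selector] ?? null;
    if ($record === null || $record['expires'] < time()) {
        return null;
    }

    // The selector lookup is allowed to leak timing (it is not secret).
    // The validator check is not: hash_equals() compares in constant time,
    // so a wrong guess reveals nothing about how many bytes matched.
    $candidate = hash('sha256', hex2bin($validatorHex));
    return hash_equals($record['hash'], $candidate) ? (int) $record['user_id'] : null;
}

// Demonstration with an in-memory store.
[$cookie, $record] = issueRememberMeToken(42);
$store = [$record['selector'] => $record];

var_dump(verifyRememberMeToken($cookie, $store));                       // valid cookie
var_dump(verifyRememberMeToken($cookie . 'x', $store));                 // tampered validator
var_dump(verifyRememberMeToken('bad:' . str_repeat('0', 64), $store));  // unknown selector
```

Two design points worth noting: a plain `==` or `===` on the validator hash would return as soon as the first differing byte is found, which is the timing leak hash_equals() exists to close; and hashing the validator before storage is what turns a leaked token table from "log in as anyone" into "useless without the cookies the clients hold".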
- Paragon Initiative: https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence
- random_bytes: http://php.net/manual/en/function.random-bytes.php
- hash_equals: http://php.net/manual/en/function.hash-equals.php
- random_compat: https://github.com/paragonie/random_compat
- hash_equals: https://gist.github.com/christianfutterlieb/3cf85bc3fe16c70c0442
Rate and Review the Podcast
If you leave a rating and review of the podcast, I’d really appreciate it. It’s the main way more people find out about it which allows me to bring even more value to you as a listener. I believe that so much I’ll even give you Module 1 of my PHP 101 course for FREE if you leave me an honest review. Get the details on that here: https://johnmorrisshow.com/start-here.