This repository has been archived by the owner on Jan 8, 2020. It is now read-only.

Added the file encryption/decryption to Zend\Crypt #6438

Merged: 4 commits, Jul 3, 2014

ezimuel (Contributor) commented Jul 3, 2014

This PR replaces #6410 with a new FileCipher implementation based on the suggestion of #6410. I removed the fluent interface and other methods not really relevant for the usage of this component. I also improved the unit tests, adding the one for Zend\Crypt\Symmetric\Padding\NoPadding.
I also provided the documentation for this new component in this PR zendframework/zf2-documentation#1311

ezimuel (Contributor Author) commented Jul 3, 2014

@Ocramius @weierophinney this is the new PR that replaces #6410. Check it out and let me know, thanks.

if (empty($key)) {
throw new Exception\InvalidArgumentException('The key cannot be empty');
}
$this->key = $key;
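
Review bot: `empty($key)` in the guard rejects the string "0" as well as the empty string, and it lets any non-empty non-string value (an array, for example) through to `$this->key = $key;`. Suggest testing `is_string($key) && $key !== ''` before the assignment, so the stored key is always a non-empty string.
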
Member

cast to (string)

Contributor Author

Fixed.

Ocramius (Member) commented Jul 3, 2014

@ezimuel besides the minor property initialization issues, this looks nice!
Do you think that you can also open a documentation PR for this functionality? nvm, it's already done :-)

ezimuel (Contributor Author) commented Jul 3, 2014

@Ocramius I already wrote the documentation for this new component: zendframework/zf2-documentation#1311

ezimuel added 2 commits July 3, 2014 15:21

…inor fixes
Ocramius self-assigned this Jul 3, 2014
Ocramius merged commit 6418c25 into zendframework:develop Jul 3, 2014
Ocramius added a commit to zendframework/zf2-documentation that referenced this pull request Jul 3, 2014
*
* @var int
*/
protected $keyIteration = 10000;
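
Review bot: no accepted range is stated for `protected $keyIteration = 10000;`; the visible part of the docblock gives only `@var int`. Suggest documenting the minimum and maximum the class accepts, and having whatever code assigns this property reject values below 1 or above a fixed ceiling when the value can come from a caller.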

Should the number of iterations be protected against big values, to prevent security issues like Symfony2 had in the past?
http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released

Per the blog post, it takes 6 seconds to hash a password with Pbkdf2 and 10000 iterations. Since a file is very likely much bigger than a password, this could lead to very long lasting operations...

Contributor Author

@staabm The Pbkdf2 algorithm used in the encryption/decryption operations of FileCipher is used only to generate the encryption and authentication keys. That means only one time for each execution. I used a value of 10'000 as default and it's actually very low (about 0.05 sec, using an Intel i5 at 3.30GHz, you can check by yourself using this code). The blog post that you referred to has clearly wrong numbers.
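
An added illustration of the point debated above (not code from this PR or from Zend\Crypt): PBKDF2 runs once per operation to derive both keys, so its cost follows the iteration count rather than the file size, and a range check on that count addresses the concern about oversized values. The function name, the bounds, the salt size and the passphrase are assumptions made for the example.

```php
<?php
// Added example; deriveKeys() and both bounds are hypothetical, not Zend\Crypt API.

const MIN_ITERATIONS = 10000;    // the default value shown in the PR
const MAX_ITERATIONS = 1000000;  // assumed ceiling; tune per deployment

/**
 * Derive an encryption key and an authentication key from a single PBKDF2 run.
 */
function deriveKeys(string $password, string $salt, int $iterations, int $keySize = 32): array
{
    if ($password === '') {
        throw new InvalidArgumentException('The key cannot be empty');
    }
    if ($iterations < MIN_ITERATIONS || $iterations > MAX_ITERATIONS) {
        throw new InvalidArgumentException('Iteration count out of range');
    }
    // Asking SHA-256 (32-byte output) for 2 * 32 bytes makes PBKDF2 compute two
    // blocks, so the work is twice the iteration count. It never depends on the
    // size of the file that is encrypted afterwards.
    $material = hash_pbkdf2('sha256', $password, $salt, $iterations, 2 * $keySize, true);

    return [
        'encrypt' => substr($material, 0, $keySize),
        'auth'    => substr($material, $keySize, $keySize),
    ];
}

$salt = random_bytes(16);                    // constructed sample salt
$pass = 'constructed sample passphrase';     // constructed sample input

// Time the derivation at three iteration counts inside the accepted range.
foreach ([10000, 100000, 1000000] as $n) {
    $start = microtime(true);
    $keys  = deriveKeys($pass, $salt, $n);
    $secs  = microtime(true) - $start;
    printf("%8d iterations: %.3f s (keys: %d + %d bytes)\n",
        $n, $secs, strlen($keys['encrypt']), strlen($keys['auth']));
}

// A count above the ceiling is refused before any hashing starts.
try {
    deriveKeys($pass, $salt, PHP_INT_MAX);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```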
