Added the file encryption/decryption to Zend\Crypt #6438
Conversation
@Ocramius @weierophinney this is the new PR that replaces #6410. Check it out and let me know, thanks.
```php
if (empty($key)) {
    throw new Exception\InvalidArgumentException('The key cannot be empty');
}
$this->key = $key;
```
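Review bot: `empty($key)` on the first line of this hunk also rejects the string "0", because PHP's `empty()` treats "0" as empty; if the intent is only to reject a missing key, compare against the empty string (`$key === ''`) after the `(string)` cast instead, so a legitimate key is never refused.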
cast to (string)
Fixed.
@ezimuel besides the minor property initialization issues, this looks nice!
@Ocramius I already wrote the documentation for this new component: zendframework/zf2-documentation#1311
```php
 *
 * @var int
 */
protected $keyIteration = 10000;
```
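Review bot: the docblock above `$keyIteration` carries only `@var int`; state that this is the PBKDF2 iteration count used to derive the encryption and authentication keys, and that lowering it weakens the derived keys, so anyone overriding the default of 10000 understands the trade-off.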
Should the number of iterations be protected against big values, to prevent security issues like the one Symfony2 had in the past?
http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released
Per the blog post it takes 6 seconds to hash a password with Pbkdf2 and 10000 iterations. Since a file is very likely much bigger than a password, this could lead to very long-running operations...
@staabm The Pbkdf2 algorithm used in the encryption/decryption operations of FileCipher is used only to generate the encryption and authentication keys. That means it runs only once for each execution. I used a value of 10'000 as the default, and it's actually very low (about 0.05 sec using an Intel i5 at 3.30GHz; you can check by yourself using this code). The blog post that you referred to has clearly wrong numbers.
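The point made above, as an added example in plain PHP (not Zend\Crypt code and not the snippet the comment refers to): PBKDF2 runs once per operation to produce an encryption key and an authentication key, after which the encrypt-then-MAC round trip costs only in proportion to the input size. It assumes PHP 7.1+ with the openssl and hash extensions; the function names and the 1 KB / 1 MB sample sizes are my own choices.

```php
<?php
// Added example (not Zend\Crypt code): derive the encryption and authentication keys
// once with PBKDF2, then encrypt-then-MAC a payload of any size. Assumes PHP >= 7.1.
const ITERATIONS = 10000; // same default as the PR's $keyIteration
const KEY_SIZE   = 32;    // AES-256 key length in bytes

/** Derive 64 bytes once and split them into the AES key and the HMAC key. */
function deriveKeys(string $password, string $salt, int $iterations): array
{
    $material = hash_pbkdf2('sha256', $password, $salt, $iterations, KEY_SIZE * 2, true);
    return [substr($material, 0, KEY_SIZE), substr($material, KEY_SIZE)];
}

/** Encrypt-then-MAC; the output layout is salt . iv . ciphertext . hmac. */
function encryptBlob(string $plain, string $password, int $iterations = ITERATIONS): string
{
    $salt = random_bytes(16);
    $iv   = random_bytes(openssl_cipher_iv_length('aes-256-cbc'));
    [$encKey, $macKey] = deriveKeys($password, $salt, $iterations);
    $cipher = openssl_encrypt($plain, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    $body   = $salt . $iv . $cipher;
    return $body . hash_hmac('sha256', $body, $macKey, true);
}

/** Returns null when the tag does not verify; the ciphertext is never decrypted then. */
function decryptBlob(string $blob, string $password, int $iterations = ITERATIONS): ?string
{
    $ivLen = openssl_cipher_iv_length('aes-256-cbc');
    $body  = substr($blob, 0, -32);
    $mac   = substr($blob, -32);
    [$encKey, $macKey] = deriveKeys($password, substr($blob, 0, 16), $iterations);
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $mac)) {
        return null; // constant-time comparison, checked before any decryption
    }
    $iv     = substr($body, 16, $ivLen);
    $cipher = substr($body, 16 + $ivLen);
    $plain  = openssl_decrypt($cipher, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    return $plain === false ? null : $plain;
}

// Key derivation alone, then full round trips on 1 KB and 1 MB of constructed input.
$t = microtime(true);
deriveKeys('correct horse', random_bytes(16), ITERATIONS);
printf("PBKDF2 x %d: %.3f s\n", ITERATIONS, microtime(true) - $t);
foreach ([1024, 1024 * 1024] as $size) {
    $data = random_bytes($size);
    $t    = microtime(true);
    $ok   = decryptBlob(encryptBlob($data, 'correct horse'), 'correct horse') === $data;
    printf("%8d bytes round trip: %.3f s, ok=%s\n", $size, microtime(true) - $t, $ok ? 'yes' : 'no');
}
```

The first timing line is the fixed PBKDF2 cost; the two round-trip lines grow with the input while paying that cost once each.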
This PR replaces #6410 with a new `FileCipher` implementation based on the suggestions in #6410. I removed the fluent interface and other methods not really relevant to the usage of this component. I also improved the unit tests, adding one for `Zend\Crypt\Symmetric\Padding\NoPadding`. I also provided the documentation for this new component in this PR: zendframework/zf2-documentation#1311