Versions Compared

Old Version 2

changes.mady.by.user Cody Phillips

Saved on

compared with

New Version Current

changes.mady.by.user Cody Phillips

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

Assuming your database server is properly secured, access to the database is strictly enforced, and all software running on or connecting to the database is completely bug free, encryption is unnecessary. Unfortunately, reality dictates that this is impossible to achieve. So to ensure that in the event unauthorized access to the data is obtainobtained, no matter how unlikely, it becomes necessary to encrypt that data to ensure it remains protected.

...

  1. Encrypting/Decrypting data consumes CPU time.
  2. Encrypted data can not be searched or indexed.

For the reasons above, it typically only makes sense to encrypt sensitive data.

...

Blesta uses AES-256 for all block cipher requirements. The key for this encryption method is derived from an HMAC SHA-256 hash of the Blesta.system_key configuration setting.

Examples

  • Custom client fields values
  • Credit card expiration dates
  • Credit card last-four digits
  • Bank account last-four digits
  • Module field values
  • Service field values
  • Gateway field values
  • Company settings
  • System settings

Asymmetric Cipher

An asymmetric cipher, also known as a public-key cipher, is an encryption method that uses one key for encryption and another for decryption.

...

A key-based hashing algorithm, also known as hash-based message authentication is a means of creating a message digest of a fixed-length from an arbitrary-length plain-text using a one-way algorithm. That is, once the message digest is computed the plain-text is impossible to decipher. Hashes are not a format form of encryption, but are often used in places where decrypting the plain-text is unnecessary. For example, in validating a given password is correct.

...

Blesta uses bcrypt to store passwords for authentication. The bcrypt algorithm is a slow-computing algorithm that is designed to take a small, but significant amount of time to generate a result. This makes it computationally inefficient to brute-force.The amount of work involved in computing the bcrypt result is controlled by the Blesta.hash_work configuration setting.

Before a password is hashed using bcrypt, however, it is hashed using HMAC SHA-256. The HMAC SHA-256 process produces a 256-bit (64-hexadecimal character) string, which is then hashed using bcrypt. This extra step provides additional security for short passwordpasswords, extremely long passwords (see denial of service), and dictionary attacks.

...