...
- Encrypting/decrypting data consumes CPU time.
- Encrypted data cannot be searched or indexed.
For these reasons, it typically only makes sense to encrypt sensitive data.
...
Blesta uses AES-256 for all block cipher requirements. The key for this encryption method is derived from an HMAC SHA-256 hash of the Blesta.system_key configuration setting.
Examples
- Custom client fields values
- Credit card expiration dates
- Credit card last-four digits
- Bank account last-four digits
- Module field values
- Service field values
- Gateway field values
- Company settings
- System settings
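The following is an added illustration of the symmetric scheme described above, not Blesta's own code: a 256-bit AES key is derived with HMAC-SHA-256 from a system key and used to encrypt and decrypt a single field value. The HMAC label string, the use of AES-256 in GCM mode via OpenSSL, and the placeholder system key are assumptions; the page states only that AES-256 is used and that the key is an HMAC-SHA-256 hash of Blesta.system_key. The last lines also show why encrypted data cannot be searched or indexed: the same plaintext encrypts to a different ciphertext each time.

```php
<?php
// Added example (not Blesta's code). Derive an AES-256 key from a system key with
// HMAC-SHA-256, then encrypt/decrypt a field value with AES-256-GCM (OpenSSL).
// Assumptions: the HMAC label, the GCM mode and the placeholder key are illustrative.

const SYSTEM_KEY = 'replace-with-Blesta.system_key-value'; // placeholder, not a real key

function derive_key(string $systemKey): string
{
    // Raw HMAC-SHA-256 output is 32 bytes, exactly one 256-bit AES key.
    return hash_hmac('sha256', 'field-encryption-key', $systemKey, true);
}

function encrypt_field(string $plaintext, string $key): string
{
    $iv  = random_bytes(12);            // fresh nonce per encryption (96 bits for GCM)
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Store nonce + authentication tag + ciphertext together, base64 for a text column.
    return base64_encode($iv . $tag . $ct);
}

function decrypt_field(string $encoded, string $key): ?string
{
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) < 12 + 16) {
        return null;                    // malformed record
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $pt  = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;  // false = wrong key or tampered ciphertext
}

$key = derive_key(SYSTEM_KEY);

// e.g. a card's last-four digits, one of the field types the page lists
$stored = encrypt_field('1234', $key);
var_dump(decrypt_field($stored, $key) === '1234');

// A flipped ciphertext byte fails authentication and yields null instead of garbage.
$raw = base64_decode($stored);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 0x01);
var_dump(decrypt_field(base64_encode($raw), $key));

// Same plaintext, different ciphertext every time: a WHERE column = ? lookup or an
// index on the encrypted column cannot match by value, which is the trade-off above.
var_dump(encrypt_field('1234', $key) === encrypt_field('1234', $key));
```

Deriving the working key with an HMAC, rather than using the configuration value directly, means a configuration secret of any length or character set still yields a uniformly sized 32-byte AES key, and the cipher key can be rotated by changing the label without touching the system key.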
Asymmetric Cipher
An asymmetric cipher, also known as a public-key cipher, is an encryption method that uses one key for encryption and another for decryption.
...
Blesta uses bcrypt to store passwords for authentication. The bcrypt algorithm is deliberately slow: it is designed to take a small but significant amount of time to produce a result, which makes brute-force attacks computationally expensive. The amount of work involved in computing the bcrypt result is controlled by the Blesta.hash_work configuration setting.
Before a password is hashed using bcrypt, however, it is hashed using HMAC SHA-256. The HMAC SHA-256 process produces a 256-bit (64-hexadecimal-character) string, which is then hashed using bcrypt. This extra step provides additional protection for short passwords and for extremely long passwords (see denial of service), and against dictionary attacks.
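The following is an added illustration of the two-stage password hashing described above, not Blesta's own code: the password is first run through HMAC-SHA-256 with a configured secret, and the 64-character hex result is what bcrypt stores and verifies. The HMAC key value and the cost of 12 are placeholders; the page says only that the bcrypt work factor comes from Blesta.hash_work and does not state the HMAC key source.

```php
<?php
// Added example (not Blesta's code). HMAC-SHA-256 the password, then bcrypt the
// 64-char hex digest. The secret and the cost below are placeholders.

const HMAC_KEY  = 'replace-with-configured-secret'; // placeholder HMAC key
const HASH_WORK = 12;                               // placeholder cost (Blesta.hash_work)

function prehash(string $password): string
{
    // Hex output is always 64 characters, so bcrypt's input length is fixed
    // regardless of how short or how long the submitted password is.
    return hash_hmac('sha256', $password, HMAC_KEY);
}

function hash_password(string $password, int $work = HASH_WORK): string
{
    return password_hash(prehash($password), PASSWORD_BCRYPT, ['cost' => $work]);
}

function verify_password(string $password, string $stored): bool
{
    // password_verify performs a constant-time comparison of the bcrypt output.
    return password_verify(prehash($password), $stored);
}

function needs_rehash(string $stored, int $work = HASH_WORK): bool
{
    // True when the stored hash was produced with a lower cost than the
    // current setting, so it can be upgraded on the next successful login.
    return password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $work]);
}

$stored = hash_password('correct horse battery staple');
var_dump(verify_password('correct horse battery staple', $stored));
var_dump(verify_password('wrong password', $stored));

// A megabyte-long password costs one SHA-256 pass plus one bcrypt of 64 chars,
// the same bcrypt work as any other password: the input length is bounded.
$long  = str_repeat('a', 1024 * 1024);
$start = microtime(true);
hash_password($long);
printf("long password hashed in %.2fs\n", microtime(true) - $start);

// Raising Blesta.hash_work later: existing hashes report that they need upgrading.
var_dump(needs_rehash($stored, HASH_WORK + 1));
```

Because the HMAC secret never reaches the database, a copy of the stored hashes alone is not enough to mount a dictionary attack: each candidate word must first be keyed with a secret the attacker does not hold, and only then bcrypted at the configured work factor.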
...