...
- Encrypting/Decrypting data consumes CPU time.
- Encrypted data cannot be searched or indexed.
For the reasons above, it typically only makes sense to encrypt sensitive data.
...
Blesta uses AES-256 for all block cipher requirements. The key for this encryption method is derived from an HMAC SHA-256 hash of the Blesta.system_key configuration setting.
Examples
...
Blesta uses bcrypt to store passwords for authentication. bcrypt is a deliberately slow algorithm, designed to take a small but significant amount of time to produce a result, which makes brute-forcing it computationally expensive. The amount of work involved in computing the bcrypt result is controlled by the Blesta.hash_work configuration setting.
Before a password is hashed using bcrypt, however, it is hashed using HMAC SHA-256. The HMAC SHA-256 process produces a 256-bit (64-hexadecimal character) string, which is then hashed using bcrypt. This extra step provides additional security for short passwords, extremely long passwords (see denial of service), and dictionary attacks.
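The two-step scheme described above, written out as an added PHP example (not Blesta's own code). It assumes a configuration value supplies the HMAC key (a constructed placeholder stands in for Blesta.system_key) and that the bcrypt cost parameter plays the role of Blesta.hash_work; the helper names are hypothetical.

```php
<?php
// Added illustration of HMAC-SHA256 pre-hashing followed by bcrypt.
// ASSUMPTION: a constructed placeholder stands in for Blesta.system_key.
const SYSTEM_KEY = 'constructed-placeholder-key-replace-me';
// ASSUMPTION: the bcrypt cost parameter corresponds to Blesta.hash_work.
const HASH_WORK = 12;

// Step 1: HMAC-SHA256 of the raw password. The result is always 64
// lowercase hex characters (256 bits), whatever the password length.
function prehash_password(string $password): string
{
    return hash_hmac('sha256', $password, SYSTEM_KEY);
}

// Step 2: bcrypt over the fixed-length pre-hash. bcrypt only consumes the
// first 72 bytes of its input and stops at a NUL byte, so feeding it the
// hex digest (64 bytes, never NUL) guarantees the whole password is covered.
function hash_password(string $password): string
{
    return password_hash(prehash_password($password), PASSWORD_BCRYPT, ['cost' => HASH_WORK]);
}

// Verification repeats the pre-hash, then lets bcrypt compare against the
// stored hash (the cost is read back from the stored string).
function verify_password(string $password, string $stored): bool
{
    return password_verify(prehash_password($password), $stored);
}

// Constructed sample inputs: a short password and an extremely long one.
$short = 'hunter2';
$huge  = str_repeat('x', 1024 * 1024);

printf("short pre-hash length: %d\n", strlen(prehash_password($short))); // 64
printf("huge pre-hash length:  %d\n", strlen(prehash_password($huge)));  // 64

$stored = hash_password($short);
var_dump(verify_password($short, $stored));   // bool(true)
var_dump(verify_password('hunter3', $stored)); // bool(false)
```

Raising HASH_WORK by one roughly doubles the time each bcrypt call takes, so the value is a trade-off between login latency and resistance to offline guessing.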
...