...

  1. Encrypting and decrypting data consumes CPU time.
  2. Encrypted data cannot be searched or indexed.

For the reasons above, it typically only makes sense to encrypt sensitive data.

...

Blesta uses AES-256 for all block cipher requirements. The key for this encryption method is derived from an HMAC SHA-256 hash of the Blesta.system_key configuration setting.

Examples

...

Blesta uses bcrypt to store passwords for authentication. bcrypt is a deliberately slow algorithm, designed to take a small but significant amount of time to generate a result, which makes it computationally inefficient to brute-force. The amount of work involved in computing the bcrypt result is controlled by the Blesta.hash_work configuration setting.

Before a password is hashed using bcrypt, however, it is hashed using HMAC SHA-256. The HMAC SHA-256 process produces a 256-bit (64-hexadecimal character) string, which is then hashed using bcrypt. This extra step provides additional security for short passwords, extremely long passwords (see denial of service), and dictionary attacks.
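The pre-hash step described above, as an added PHP example that is not Blesta's own code: the password is reduced to a 64-character HMAC SHA-256 hex string before bcrypt, so the bcrypt input has a fixed length and bytes beyond bcrypt's 72-byte input limit still affect the stored hash. The function names, the key value and the cost value are assumptions for illustration; the page does not say which key Blesta uses for this HMAC.

```php
<?php
// Added illustration, not Blesta's source. Function names are hypothetical.
// $hmacKey is a constructed stand-in for a server-side secret and $cost for
// the Blesta.hash_work setting.

// Reduce any password to a fixed 64-character hex string.
function prehash(string $password, string $hmacKey): string
{
    return hash_hmac('sha256', $password, $hmacKey);
}

// HMAC SHA-256 first, then bcrypt at the configured work factor.
function hashPassword(string $password, string $hmacKey, int $cost): string
{
    return password_hash(prehash($password, $hmacKey), PASSWORD_BCRYPT, ['cost' => $cost]);
}

function verifyPassword(string $password, string $hmacKey, string $stored): bool
{
    return password_verify(prehash($password, $hmacKey), $stored);
}

$hmacKey = 'constructed-example-key';
$cost    = 12;

// Two constructed passwords that differ only after byte 72, the point at
// which bcrypt stops reading its input.
$first  = str_repeat('A', 72) . '-first';
$second = str_repeat('A', 72) . '-second';

// bcrypt alone: the differing suffixes are never seen by the algorithm.
$bare = password_hash($first, PASSWORD_BCRYPT, ['cost' => $cost]);
printf("bcrypt only, other password accepted: %s\n",
    var_export(password_verify($second, $bare), true));

// With the pre-hash: every byte of the password feeds the HMAC.
$stored = hashPassword($first, $hmacKey, $cost);
printf("pre-hashed, same password accepted:   %s\n",
    var_export(verifyPassword($first, $hmacKey, $stored), true));
printf("pre-hashed, other password accepted:  %s\n",
    var_export(verifyPassword($second, $hmacKey, $stored), true));

// The bcrypt input is always 64 bytes, however long the password is.
printf("bcrypt input length: %d\n", strlen(prehash(str_repeat('x', 100000), $hmacKey)));
```

Using the hex form of the HMAC output, as the page describes, also keeps NUL bytes out of the bcrypt input, which a raw binary digest could contain.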

...