Big stuff today: we have crypted all the sensible user-data informations

The "Advanced Encryption Standard" (AES) or "Rijndael" is used to store your sensitive data inside https://www.myetv.tv
This content has 2 years. Please, read this page keeping its age in your mind.

Hello everyone; we’ve spent the last 24 hours no-stop to figure out how to store your sensible data (except the password that is hashed in a secure way) in an unreadable way; for that we’ve started encrypt with AES the email and the username of every user and we have builded an encrypted signup and login forms with that informations passed encrypted every time; for this we’ve tweaked a little our authentication classes with a few line of new code. How the encryption works:

That’s are some of the test user inputs in a test user table with some test columns (in the test environment), how a malicious user without the private key read the informations stored (is called “binary data”):

 

No one can have access to your decrypted informations without the right key used to encrypt each of them; we plan to extend this type of encryption to the most user data possible in the near future.

So, from today the username and the email of every users are stored encrypted by default.

This is an invisible work for the major of the users but a great change for improved the security of all the website and it don’t change anything on how you interact with the website; you will never see encrypted data if you don’t commit malicious actions; all the features works like before and all the page remain readable to MYETV‘s users.

After 24 hour of works to understand how better use this feature and after 36 hours of works to implement it (as indicated below), we are very proud to present to you the end of this works. Now all the sensitive user data are encrypted in the database with a private key.

AES-256-CBC: For more security reasons we’ve tweaked the databases security as specified in the official developers blog here and in the developers open source manual here https://dev.mysql.com/doc/refman/5.6/en/server-system-variables.html#sysvar_block_encryption_mode. Please note: works to switch encryption mode starts from 27/05/2017 and will be done until the 28/05/2017.

Have a nice day, folks! Thank you for staying with us!!!

CONTINUE TO READ…

INTERNAL RESOURCE:
How to write secure (client-side) code: https://blog.myetv.tv/2017/09/18/writing-secure-code-how-myetv-do-crypt-auth-transfer-and-store-informations/

EXTERNAL RESOURCE:
AES super in-depth (An Ultimate Guide) and aimed towards beginners: https://thebestvpn.com/aes-encryption/

Print Friendly, PDF & Email

There are 4 comments. Add yours

  1. Pingback: The 9th year of MYETV is here: happy birthday the 1st July of 2017 | Official MyeTV Support Blog 13/06/2017

    […] We’ve updated all the security algorithm to meet the latest and the best practice for ensure the safe and the anonymous of every users. We’ve crypted all the users data by default with one of the best encryption algorithm out there. (https://blog.myetv.tv/2017/05/25/big-stuff-today-we-have-crypted-all-the-sensible-user-data-informat…) […]

  2. Pingback: Best of the World #holywinter #codechange #php | Official MyeTV Support Blog 20/06/2017

    […] 1. #security: https://blog.myetv.tv/2015/09/24/the-new-myetv-is-on-the-way-php-codechange/ (recently updated here: https://blog.myetv.tv/2017/05/25/big-stuff-today-we-have-crypted-all-the-sensible-user-data-informat…) […]

  3. Pingback: 1st July 2017: Happy 9 years MYETV !!! | Official MyeTV Support Blog 30/06/2017

    […] is the fact that we have started a little revolution with our infrastructure; after we’ve crypted all the user-data, we already moved (in just a few days) the entire platform to Germany and we plan for the end of […]

  4. Pingback: Happy New Year 2018 | Official MyeTV Support Blog 27/12/2017

    […] ever (and it is lasted about 3 months to test everything) with the encryption of sensible data https://blog.myetv.tv/2017/05/25/big-stuff-today-we-have-crypted-all-the-sensible-user-data-informat… and the antiflood security mechanism https://blog.myetv.tv/2017/05/23/antiflood-system/ with the […]