Hello everyone; we have spent the last 24 hours non-stop working out how to store your sensitive data (except the password, which is already hashed securely) in an unreadable form. To that end we have started encrypting every user's email and username with AES, and we have built encrypted signup and login forms that pass that information encrypted every time; this required only a few new lines of code in our authentication classes. How the encryption works:
These are some test user inputs in a test user table with test columns (in the test environment); this is how a malicious user without the key sees the stored information, as so-called "binary data":
No one can read your decrypted information without the key that was used to encrypt it, which is why that key must stay outside the database: a copy of the database alone is not enough. We plan to extend this type of encryption to as much user data as possible in the near future.
So, from today, every user's username and email are stored encrypted by default.
This work is invisible to most users but a big change for the security of the whole website, and it changes nothing about how you interact with the website; you will never see encrypted data unless you attempt something malicious; all features work as before and all pages remain readable to MYETV's users.
After 24 hours of work to understand how best to use this feature and 36 hours of work to implement it (as described below), we are very proud to announce that this work is complete. All sensitive user data are now encrypted in the database with a secret key (AES is a symmetric cipher, so the same key encrypts and decrypts).
AES-256-CBC: For additional security we have tweaked the database's encryption settings as specified in the official developers' blog here and in the open source developer manual here: https://dev.mysql.com/doc/refman/5.6/en/server-system-variables.html#sysvar_block_encryption_mode (the block_encryption_mode system variable selects the AES mode used by MySQL's AES_ENCRYPT() and AES_DECRYPT() functions; its default is aes-128-ecb, and the CBC modes require an initialization vector to be supplied with every call). Please note: the work to switch encryption mode starts on 27/05/2017 and will be finished by 28/05/2017.
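The following MySQL session shows the scheme described above (username and email stored as ciphertext, the key never written to the database, AES-256-CBC selected through block_encryption_mode) end to end. It is an added example, not MYETV's own code: the table and column names, the passphrase, the lookup-pepper and the placeholder bcrypt string are assumptions for illustration.

```sql
-- Added example (not MYETV's code): encrypting username and email with
-- MySQL's AES_ENCRYPT() in AES-256-CBC mode. Names are illustrative.

-- 1. Switch this session from the MySQL default 'aes-128-ecb' to CBC.
--    Every connection that encrypts or decrypts must set the same mode,
--    otherwise AES_DECRYPT() returns NULL for data written under another one.
SET SESSION block_encryption_mode = 'aes-256-cbc';

-- 2. A 32-byte key derived from an application-held passphrase (assumed
--    value). SHA2(...,256) yields exactly 256 bits, so MySQL does not have to
--    fold a key of the wrong length. The key is only ever a session variable.
SET @key = UNHEX(SHA2('replace-with-the-application-secret', 256));

CREATE TABLE users_test (
  id            INT UNSIGNED   AUTO_INCREMENT PRIMARY KEY,
  username_iv   BINARY(16)     NOT NULL,  -- per-row random IV, required by CBC
  username_enc  VARBINARY(255) NOT NULL,  -- ciphertext: the "binary data"
  email_iv      BINARY(16)     NOT NULL,
  email_enc     VARBINARY(255) NOT NULL,
  username_hash BINARY(32)     NOT NULL UNIQUE, -- deterministic lookup key
  password_hash VARCHAR(255)   NOT NULL   -- hashed, not encrypted, as in the post
);

-- 3. Signup: a fresh IV per value, so two users with the same username or
--    email domain never produce identical ciphertext (they would under ECB).
SET @iv_u = RANDOM_BYTES(16);
SET @iv_e = RANDOM_BYTES(16);
INSERT INTO users_test
  (username_iv, username_enc, email_iv, email_enc, username_hash, password_hash)
VALUES
  (@iv_u, AES_ENCRYPT('alice', @key, @iv_u),
   @iv_e, AES_ENCRYPT('alice@example.com', @key, @iv_e),
   UNHEX(SHA2(CONCAT('lookup-pepper:', 'alice'), 256)),  -- assumed pepper
   '$2y$10$placeholder-bcrypt-hash');                     -- placeholder

-- 4. What someone holding a dump of the table (but not @key) can see.
SELECT id, HEX(username_enc) AS username_enc, HEX(email_enc) AS email_enc
FROM users_test;

-- 5. Login: locate the row by the deterministic hash instead of decrypting
--    the whole table, then decrypt only that row with its stored IVs.
SELECT id,
       CAST(AES_DECRYPT(username_enc, @key, username_iv) AS CHAR) AS username,
       CAST(AES_DECRYPT(email_enc,    @key, email_iv)    AS CHAR) AS email
FROM users_test
WHERE username_hash = UNHEX(SHA2(CONCAT('lookup-pepper:', 'alice'), 256));

-- 6. A wrong key fails the padding check, so AES_DECRYPT() yields NULL rather
--    than plaintext (a random wrong key passes the check only ~1 time in 256).
SELECT id,
       AES_DECRYPT(email_enc, UNHEX(SHA2('wrong-key', 256)), email_iv) IS NULL
         AS undecryptable
FROM users_test;
```

Two points the post's description depends on: the IV must be stored next to each ciphertext (it is not secret, but without it CBC decryption is impossible), and block_encryption_mode is a per-session setting, so the application must set it on every connection or configure it server-side. The username_hash column is a design choice of this example, not of the post: once usernames are encrypted with random IVs the database can no longer match them with a plain equality, so a keyed, deterministic digest is used for lookup; as a fast hash of a low-entropy value it only hides the username from casual reading, it is not a substitute for the encryption itself.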
Have a nice day, folks! Thank you for staying with us!!!
CONTINUE TO READ…
How to write secure (client-side) code: https://blog.myetv.tv/2017/09/18/writing-secure-code-how-myetv-do-crypt-auth-transfer-and-store-informations/
AES super in-depth (An Ultimate Guide) and aimed towards beginners: https://thebestvpn.com/aes-encryption/