Big stuff today: we have crypted all the sensible user-data informations

CONTENT- [Contents: every content intended as text, images, audio or video] - INFORMATIONS ENCRYPTION- [Encryption: to change electronic information or signals into a secret code (= system of letters, numbers, or symbols) that people cannot understand or use on normal equipment] -

As already stated in advance, for the 13th birthday of MYETV we have decided to also encrypt the information on the shared contents- [Contents: every content intended as text, images, audio or video] - (such as the name, description and hashtags); with the same technique, in the future, we could also encrypt other information relating to shared content. The encryption engine of the content information is AES with a random initial vector (128bit); we decided to encrypt all content permanently, around 200 scripts have been updated for this purpose including sharer- [Sharer: the section of the platform with which the networks can share content, inside or outside of the platform] - and crawler codes. The works will start on 12/06/2021 at 19.30 CEST until 20.30 CEST and will include the updating of the database engines and the scripts that communicate with it. We have also released a maintenance notice on https://status.myetv.tv
The procedure is simple: we use a random initial vector and a heavy encryption key; the key is fixed and interchangeable while the initial vector is always random. The pros of this technique are that the key is not saved in the databases and is generated by the scripts in the program- [Program/Software: the instructions that control what a computer does; computer programs] - and we can change the encryption key every time we need it; furthermore, having a non-dynamic encryption key, the software- [Program/Software: the instructions that control what a computer does; computer programs] - is compatible with the encryption laws in the major countries of the world.

USER INFORMATIONS ENCRYPTION

Hello everyone; we’ve spent the last 24 hours no-stop to figure out how to store your sensible data (except the password that is hashed in a secure way) in an unreadable way; for that we’ve started encrypt with AES with a random initial vector (256bit) the email and the username of every user and we have builded an encrypted signup and login- [Login: an act of logging in to a computer, database, website or system] - forms with that informations passed encrypted every time; for this we’ve tweaked a little our authentication classes with a few line of new code. How the encryption works:

That’s are some of the test user inputs in a test user table with some test columns (in the test environment), how a malicious user without the private key read the informations stored (is called “binary data”):

No one can have access- [Access the simple access to a website as a visitor] - to your decrypted informations without the right key used to encrypt each of them and informations are safe from any modification (if someone try to edit encrypted informations without the right key, the information will be considered corrupted and unreadable); we plan to extend this type of encryption to the most user data possible in the near future.

So, from today the username and the email of every users are stored encrypted by default.

This is an invisible work for the major of the users but a great change for improved the security of all the website and it don’t change anything on how you interact with the website; you will never see encrypted data if you don’t commit malicious actions; all the features works like before and all the page remain readable to MYETV‘s users.

After 24 hour of works to understand how better use this feature and after 36 hours of works to implement it (as indicated below), we are very proud to present to you the end of this works. Now all the sensitive user data are encrypted in the database with a private key.

AES-256-CBC: For more security reasons we’ve tweaked the databases security as specified in the official developers blog here and in the developers open source manual here https://dev.mysql.com/doc/refman/5.6/en/server-system-variables.html#sysvar_block_encryption_mode. Please note: version of the engine may be different and updated and works to switch encryption mode starts from 27/05/2017 and will be done until the 28/05/2017.

Have a nice day, folks! Thank you for staying with us!!!

CONTINUE TO LEARN…

INTERNAL RESOURCE:
How to write secure (client-side) code: https://blog.myetv.tv/2017/09/18/writing-secure-code-how-myetv-do-crypt-auth-transfer-and-store-informations/

EXTERNAL RESOURCE:
AES super in-depth (An Ultimate Guide) and aimed towards beginners: https://thebestvpn.com/aes-encryption/