Paragon Initiative Enterprises Blog

The latest information from the team that develops cryptographically secure PHP software.

Protecting RSA-based Protocols Against Adaptive Chosen-Ciphertext Attacks

The shortest answer to any question about securely using RSA is: Don't.

Because there are much better cryptography choices available today, if you can avoid using RSA, don't use RSA. Then everything else in this document becomes not your problem.

Throughout this post, we assume at least a casual understanding of what RSA is, and the role of asymmetric cryptography in general.

If you do not meet these prerequisites, or experience any difficulty understanding the rest of this post, this is a good introduction to RSA and this talk by Colin Percival (slides) is a good follow-up. If you're more of a book learner, you can't go wrong with a copy of Serious Cryptography by Dr. Jean-Philippe Aumasson.

Continue Reading this Blog Post »

Celebrating Three Years of PIE on Pi Day

Paragon Initiative Enterprises (P.I.E.) got its name on March 14, 2015. How have things changed in three years?

Continue Reading this Blog Post »

Paseto is a Secure Alternative to the JOSE Standards (JWT, etc.)

This is a follow-up to our 2017 blog post that made the case for avoiding JSON Web Tokens (JWT) and its related standards.

Many developers responded to our post with the same question: "What should we use instead of JWT?" Today, I'm happy to announce a viable replacement.

Continue Reading this Blog Post »

Our Ambitious Plan to Make Insecure PHP Software a Thing of the Past

Last month we published our guide to building secure PHP software in 2018. It provides clear and accessible guidance to writing secure PHP software. If you're a web developer, that page should serve as a great starting point for writing secure software going forward.

However, that guide only solves half the problem.

The other half is the abundance of outdated blog posts and PHP tutorials littered across the Internet that demonstrate bad security practices. And we'll need your help (yes, yours!) to clean up the ecosystem.

Continue Reading this Blog Post »

The 2018 Guide to Building Secure PHP Software

PHP Security in 2018

As the year 2018 approaches, technologists in general—and web developers in particular—must discard many of their old practices and beliefs about developing secure PHP applications. This is especially true for anyone who does not believe such a feat is even possible.

This guide should serve as a complement to the e-book, PHP: The Right Way, with a strong emphasis on security and not general PHP programmer topics (e.g. code style).

Continue Reading this Blog Post »

Need Technology Consultants?

Will tomorrow bring costly and embarrassing data breaches? Or will it bring growth, success, and peace of mind?

Our team of technology consultants have extensive knowledge and experience with application security and web/application development.

We specialize in cryptography and secure PHP development.

Let's Work Together Towards Success

Our Security Newsletters

Want the latest from Paragon Initiative Enterprises delivered straight to your inbox? We have two newsletters to choose from.

The first mails quarterly and often showcases our behind-the-scenes projects.

The other is unscheduled and gives you a direct feed into the findings of our open source security research initiatives.

Quarterly Newsletter   Security Announcements