Paragon Initiative Enterprises Blog

The latest information from the team that develops cryptographically secure PHP software.

Celebrating Three Years of PIE on Pi Day

March 14, 2018 by P.I.E. Staff

Paragon Initiative Enterprises (P.I.E.) got its name on March 14, 2015. How have things changed in three years?

Continue Reading this Blog Post »

Paseto is a Secure Alternative to the JOSE Standards (JWT, etc.)

March 4, 2018 by Scott Arciszewski

This is a follow-up to our 2017 blog post that made the case for avoiding JSON Web Tokens (JWT) and its related standards.

Many developers responded to our post with the same question: "What should we use instead of JWT?" Today, I'm happy to announce a viable replacement.

Continue Reading this Blog Post »

Our Ambitious Plan to Make Insecure PHP Software a Thing of the Past

January 16, 2018 by Scott Arciszewski

Last month we published our guide to building secure PHP software in 2018. It provides clear and accessible guidance to writing secure PHP software. If you're a web developer, that page should serve as a great starting point for writing secure software going forward.

However, that guide only solves half the problem.

The other half is the abundance of outdated blog posts and PHP tutorials littered across the Internet that demonstrate bad security practices. And we'll need your help (yes, yours!) to clean up the ecosystem.

Continue Reading this Blog Post »

The 2018 Guide to Building Secure PHP Software

December 12, 2017 by P.I.E. Staff

PHP Security in 2018

As the year 2018 approaches, technologists in general—and web developers in particular—must discard many of their old practices and beliefs about developing secure PHP applications. This is especially true for anyone who does not believe such a feat is even possible.

This guide should serve as a complement to the e-book, PHP: The Right Way, with a strong emphasis on security and not general PHP programmer topics (e.g. code style).

Continue Reading this Blog Post »

Assuring Ciphertext Integrity for Homomorphic Cryptosystems

December 5, 2017 by Scott Arciszewski

When an encryption scheme is said to be homomorphic, what that means is that if you perform some mathematical operation on the ciphertext, you affect the plaintext in a useful way once it's decrypted.

While this sounds neat, there are three major problems with current homomorphic encryption designs:

  1. Performance: Homomorphic encryption is unbearably slow.
  2. Distinguishability: There is an underlying algebraic structure to ciphertexts encrypted with homomorphic schemes, unlike non-homomorphic encryption schemes, which produce ciphertext that look like random noise.
  3. Integrity: Homomorphic encryption is not impervious to chosen-ciphertext attacks.

While research into solving the performance and distinguishability problems of homomorphic encryption schemes is ongoing, there has been very little attention given towards preventing chosen-ciphertext attacks.

If you're interested in homomorphic encryption because you want to be able to search encrypted database fields in a web application you're developing, see the linked article instead.

Continue Reading this Blog Post »

See All Published Blog Posts

About

Paragon Initiative Enterprises
offers technology consulting and web development services to businesses with attention to security above and beyond compliance.

Our Professional Experience

Blog Categories

  1. Business
  2. Paragon Initiative
    1. Community
      1. Open Source
      2. Pharaoh
      3. Security Advice
    2. Our Products
      1. Airship
      2. ASGard
      3. Ward
  3. Security News
  4. Technology
    1. Cryptology
    2. Databases
    3. Hardware
    4. Programming
    5. Quality Assurance
    6. Security Engineering
    7. System Administration
  5. Uncategorized

Tags

  1. Access Controls
  2. Application Security
  3. Authentication
  4. Authorization
  5. Automatic Updates
  6. Business
  7. Central Florida
  8. Cryptography
  9. CSPRNG
  10. Data Science
  11. Encryption
  12. HTTPS
  13. Integrity
  14. Libsodium
  15. Login
  16. Math
  17. .NET
  18. Networking
  19. Node.js
  20. Open Source
  21. Orlando
  22. OWASP
  23. OWASP Top Ten
  24. PHP
  25. PostgreSQL
  26. Public Key Cryptography
  27. Python
  28. Ruby
  29. Secret Key Cryptography
  30. Security
  31. Signatures
  32. SQL
  33. SQL Injection
  34. Statistics
  35. Vulnerability
  36. Web Development
  37. XSS

Mailing Lists

  1. Paragon Initiative Quarterly
  2. Paragon Initiative Vanguard

Elsewhere

  1. ParagonIE on Github
  2. @ParagonIE
  3. Paragonie on Facebook

Need Technology Consultants?

Will tomorrow bring costly and embarrassing data breaches? Or will it bring growth, success, and peace of mind?

Our team of technology consultants have extensive knowledge and experience with application security and web/application development.

We specialize in cryptography and secure PHP development.

Let's Work Together Towards Success

Our Security Newsletters

Want the latest from Paragon Initiative Enterprises delivered straight to your inbox? We have two newsletters to choose from.

The first mails quarterly and often showcases our behind-the-scenes projects.

The other is unscheduled and gives you a direct feed into the findings of our open source security research initiatives.

Quarterly Newsletter   Security Announcements