defuse / php-encryption

Simple Encryption in PHP.
MIT License

Two Questions #526

Open hirasso opened 1 month ago

hirasso commented 1 month ago

Hi there! Thanks for all the work you put into this library, both technical and educational. Much appreciated!!

After reading through the Tutorial and the FAQs, I have two questions (I would have opened a GH discussion, but this repo doesn't seem to have those activated):

  1. In the FAQs, "Does encrypting hide the length of the plaintext?", you are writing about having to pad the string in user land:
    • Any tips or best practices how to do that with an arbitrary length input string?

  2. In "Scenario #2: Encrypting account data with the user's login password", you are talking about generating the key from the user's password.
    • This would render the stored information useless as soon as the user changed their password, correct? Just to make sure I understand correctly :)
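
An added example, not part of the issue thread and not code from the php-encryption project, showing one way to pad an arbitrary-length string in userland for the first question. The function names, the 4-byte length prefix and the 256-byte bucket size are assumptions made for this sketch; the padded string is what would be handed to `Crypto::encrypt()`, and the result of `Crypto::decrypt()` is what would be unpadded.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: frame the plaintext as [4-byte big-endian length][data][zero fill]
// so the ciphertext length only reveals which size bucket the data falls into.
const LEN_PREFIX_BYTES = 4;

function padToBucket(string $plaintext, int $bucket = 256): string
{
    if ($bucket <= LEN_PREFIX_BYTES) {
        throw new InvalidArgumentException('bucket must be larger than the length prefix');
    }
    $len = strlen($plaintext);               // byte length, not character count
    if ($len > 0xFFFFFFFF) {
        throw new LengthException('plaintext too long for a 32-bit length prefix');
    }
    $framed = pack('N', $len) . $plaintext;
    // Round the framed length up to the next multiple of the bucket size.
    $target = intdiv(strlen($framed) + $bucket - 1, $bucket) * $bucket;
    return str_pad($framed, $target, "\0", STR_PAD_RIGHT);
}

function unpadFromBucket(string $padded): string
{
    if (strlen($padded) < LEN_PREFIX_BYTES) {
        throw new UnexpectedValueException('padded value is shorter than the length prefix');
    }
    $len = unpack('N', $padded)[1];
    if ($len > strlen($padded) - LEN_PREFIX_BYTES) {
        throw new UnexpectedValueException('length prefix exceeds the available data');
    }
    return substr($padded, LEN_PREFIX_BYTES, $len);
}

// Constructed sample inputs, including the empty string and both sides of a bucket boundary.
foreach (['', 'hunter2', str_repeat('A', 252), str_repeat('A', 253)] as $secret) {
    $padded = padToBucket($secret);
    if (unpadFromBucket($padded) !== $secret) {
        throw new RuntimeException('round trip failed');
    }
    printf("%3d bytes -> %d bytes padded\n", strlen($secret), strlen($padded));
}
```

Bucketed padding still reveals which bucket a value falls into; to hide the length entirely, set the bucket to the maximum length the field can ever hold so every value pads to the same size.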