Subject: | Before anyone installs this package,... |
Summary: | Package rating comment |
Messages: | 1 |
Author: | Scott Arciszewski |
Date: | 2015-12-11 00:37:17 |
|
|
|
Scott Arciszewski rated this package as follows:
Utility: | Bad |
Consistency: | Not sure |
Documentation: | Not sure |
Examples: | Not sure |
|
Scott Arciszewski - 2015-12-11 00:37:17
Before anyone installs this package, please read this first:
paragonie.com/blog/2015/09/comprehe ...
Encryption is NOT the right tool for this job. Even if it were implemented securely, it would be a huge design flaw to depend on this library.
But the actual implementation is little more than base64 encoding. Only much worse: It allows anyone to overwrite any global variables they want, by passing it as a GET or POST parameter.
The security implications of this can be devastating, but this is application specific.
|