Security Tips
Security Tip: Stop Using MD5 and SHA-1!
[Tip #87] MD5 is like a cockroach - it's persistent and pops up everywhere, but one thing is very clear: you need to stop using it (and SHA-1 too)!
Security Tips
[Tip #87] MD5 is like a cockroach - it's persistent and pops up everywhere, but one thing is very clear: you need to stop using it (and SHA-1 too)!
In Depth
[In Depth #25] Laravel makes effective use of encryption for security purposes, but what happens if your encryption key needs to be rotated? Let's see how Laravel 11 handles it...
In Depth
[InDepth#22] Random generates cryptographically secure random values in a range of different formats through a simple helper package for PHP.
Security Tips
[Tip#66] For those situations where you need to generate a repeatable hash or signature, reach for HMAC, rather than MD5 or SHA1.
Security Tips
[Tip#56] It may be tempting to compare keys/sensitive strings using `===`, or even `==`, but that opens you up to timing attacks! You should be using a timing attack safe string comparison function...
Newsletter
[InDepth#19] It's time to finish up the "Th1nk Lik3 a H4cker" walkthrough, looking at the rest of the challenges and the final hack from Laracon US!
In Depth
[InDepth#16] According to random folks on the internet (i.e. social media), "insecure functions" are a wide and varied concept. Let's take a look at the common themes across the different ideas...
Newsletter
[InDepth#14] Cryptographically secure randomness is important, but so is backwards compatibility...
Security Tips
[Tip#37] If you need to generate passwords in your app, it's important to use a cryptographically secure algorithm. Laravel makes this easy by giving us the Str::password() helper!
Security Tips
[Tip#34] In September, Laravel 9.32 added the ability to encrypt environment files... but do you need to use it?
In Depth
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
Security Tips
QmFzZSA2NCBpc24ndCBlbmNyeXB0aW9uIQ==