Last active
June 5, 2016 19:40
-
-
Save ewbarnard/98e947eea95030a54ac14c09cfbe619e to your computer and use it in GitHub Desktop.
Using Encryption in PHP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
WHAT CHANGED: TITLE AND DESCRIPTION | |
Title: Using Encryption in PHP | |
Level: All | |
Duration: 50 minutes including 10 for questions | |
Description: | |
Using encryption sounds simple. It is! The trouble is that encryption is | |
extremely difficult to get right. In fact it's a great way to grab news | |
headlines when you get it spectacularly wrong. | |
This talk focuses on two basic concepts you need to understand when getting | |
PHP's encryption to work in your application: obtaining randomness, and | |
encrypting/decrypting a string with cryptographic checksum. | |
I include an extensive curated PHP security reading list with explanations. | |
Additional Information: | |
1. This talk is based on my upcoming article in July 2016 php[architect] | |
https://www.phparch.com/magazine/ (not yet published) | |
2. Platform experience: I am a new PHP speaker. However, I used to teach Cray | |
Supercomputer operating system internals (assembly and octal) as Senior | |
Instructor for Cray Research Software Training. | |
3. Twitter: @ewbarnard | |
To whomever reviews this gist: My sincere thanks. |
I find the proposal exciting, but still have a few suggestions:
-
as Chris wrote, find a better title
-
Maybe also mention in the title that you are talking about PHP
-
Most session proposals consist of one or two paragraphs (even if they are longer). I think you have too many.
-
Cut the last two paragraphs, they add little value and seem out of place ("Virtually ... encryption/decryption." and "I ... explanations").
I hope that was helpful!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Initial response on seeing the title 'Implementing Encryption' was 'wow that's a bad idea'.
I then saw your comment about what so easily goes wrong. But then you talk about how to actually do it. So I'm left confused. Shouldn't the talk simply be 'don't do that'?