Cryptography

Cryptography

In this section we'll review the following security aspects:

  • Generating random data
  • Encryption and Decryption
  • Confirming Data Integrity

Generating Pseudorandom Data

Pseudorandom data is useful in many situations. For example when resetting a password via email you need to generate a token, save it to the database, and send it via email to end user which in turn will allow them to prove ownership of that account. It is very important that this token be unique and hard to guess, else there is a possibility that attacker can predict the token's value and reset the user's password.

Yii security helper makes generating pseud