re: PHP Security: Passwords VIEW POST

TOP OF THREAD FULL DISCUSSION
re: And why do you make it sound like it's so easy to break AES encryptions? Is it?
 

Since the application must keep the AES key around somewhere handy, in the event of a compromise it's going to get stolen as well and then your encryption is worthless as they have the key.

From there dealing with a single layer of HMAC is pretty trivial.

code of conduct - report abuse