Using Encryption in PHP

Presented at Madison PHP 2016

Using encryption sounds simple. It is! The trouble is that encryption is extremely difficult to get right. In fact it’s a great way to grab news headlines when you get it spectacularly wrong.


This talk focuses on two basic concepts you need to understand when getting PHP’s encryption to work in your application: obtaining randomness, and encrypting/decrypting a string with cryptographic checksum.

I include an extensive curated PHP security reading list with explanations.

About Edward Barnard (@ewbarnard)

Ed Barnard has been programming computers since keypunches were in common use. He’s been interested in codes and secret writing, not to mention having built a binary adder, since grade school. These days he does PHP and MySQL for He believes software craftsmanship is as much about sharing your experience with others, as it is about gaining the experience yourself. The surest route to thorough knowledge of a subject is to teach it.

Additional Material