CodeIgniter Forums
Why Does Reactor Need Encryption Keys? - Printable Version


Why Does Reactor Need Encryption Keys? - El Forum - 07-28-2011

[eluser]xjohnson[/eluser]
 
Hi, All -

One of the features I like in CI v1.7.3 is being able to encrypt cookie data by simply turning a 'FALSE' setting into a 'TRUE' setting in the config.php file. However, this ease seems to be slightly more complicated with the CI v2.0.2 I just upgraded to. Whether or not I choose to encrypt cookie data, I'm required to provide some sort of "encryption key" in the config.php file.

But I'm not sure why. What should be used as an encryption key? Any old random string of characters? Why can't CI v2.0.2 just encrypt data as it has in the past? If the idea is to provide two-way encryption, then under what conditions would someone want to do that? In a nutshell, what is the philosophy behind this requirement?

Thanks in advance.



Warm Regards
 


Why Does Reactor Need Encryption Keys? - El Forum - 07-28-2011

[eluser]fesweb[/eluser]
I don't know the actual answer, but I assume that adding your own encryption key ties the encryption to your own specific application. It adds another element that cannot be predicted by someone trying to replicate your sessions or cookies.


Why Does Reactor Need Encryption Keys? - El Forum - 07-29-2011

[eluser]WanWizard[/eluser]
To force you to pick unique encryption keys. What's the point of encrypting something if your key is public?


Why Does Reactor Need Encryption Keys? - El Forum - 07-29-2011

[eluser]troy_mccormick[/eluser]
The previous replies are correct in that if you don't have a "hash" (which is what the encryption key is being used as), the data you encrypt utilizing MD5 or another hashing method can be looked up in a table quite easily. I personally just use this site to generate a key for me:

https://www.grc.com/passwords.htm

And copy and paste it in. Takes all of two seconds, and adds that much more security to my app.

Happy Developing!
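
The replies above turn on the key being a secret that only the application holds. As an added example (not part of the thread and not CodeIgniter's own session code; the function names and the payload-plus-hex-tag cookie layout are assumptions), this PHP code generates a key locally and contrasts an unkeyed digest with a keyed MAC over the same cookie payload:

```php
<?php
// Added example; function names and cookie layout are hypothetical.

// Key from the OS CSPRNG, hex-encoded so it can be pasted into config.php.
function generate_key(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Unkeyed integrity tag: payload followed by its 32-char MD5 hex digest.
function seal_unkeyed(string $payload): string
{
    return $payload . md5($payload);
}

function open_unkeyed(string $cookie): ?string
{
    if (strlen($cookie) < 32) {
        return null;
    }
    $payload = substr($cookie, 0, -32);
    return hash_equals(md5($payload), substr($cookie, -32)) ? $payload : null;
}

// Keyed tag: payload followed by a 64-char HMAC-SHA256 hex tag.
function seal_keyed(string $payload, string $key): string
{
    return $payload . hash_hmac('sha256', $payload, $key);
}

function open_keyed(string $cookie, string $key): ?string
{
    if (strlen($cookie) < 64) {
        return null;
    }
    $payload = substr($cookie, 0, -64);
    $expected = hash_hmac('sha256', $payload, $key);
    return hash_equals($expected, substr($cookie, -64)) ? $payload : null;
}

$key     = generate_key();
$payload = serialize(['user_id' => 42, 'is_admin' => false]); // constructed sample
$edited  = serialize(['user_id' => 42, 'is_admin' => true]);  // client-side edit

// The unkeyed check accepts the edit, because the digest needs no secret.
var_dump(open_unkeyed(seal_unkeyed($edited)) === $edited);
// The keyed check accepts the server's cookie and rejects a tag made with another key.
var_dump(open_keyed(seal_keyed($payload, $key), $key) === $payload);
var_dump(open_keyed(seal_keyed($edited, generate_key()), $key));
```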