Secure Session Storage
$this->sessionKey is the secret encryption key. It needs to be set to an
adequately long length and stored in a secure, publicly inaccessible place (obviously
outside the web root directory).
$this->cryptCipher has been set to MCRYPT_BLOWFISH.
$this->cryptMode has been set to MCRYPT_MODE_CBC.
$this->staticSalt was pregenerated using:
mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH,
MCRYPT_MODE_CBC),
MCRYPT_DEV_URANDOM)
mcrypt_create_iv() is a Cryptographically Secure Pseudo Random
Number Generator (CSPRNG) that creates a very strong initialization vector, or
salt. The parameters used tell it to create an IV for Blowfish encryption using the
CBC cipher block mode. This is important. CBC is much stronger than ECB. CBC uses
salt. ECB ...
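An added example, not from the book: it encrypts session data containing three identical blocks under ECB and under CBC to show why the mode and the IV matter. It assumes PHP 7 or later with the OpenSSL extension and substitutes AES-256 for Blowfish, since mcrypt was removed from PHP in 7.2; the sample string and the function names are constructed for illustration.

```php
<?php
// Added illustration (not the book's code). Assumes PHP 7+ with the OpenSSL
// extension; AES-256 stands in for Blowfish because mcrypt is gone from PHP 7.2+.

const BLOCK = 16; // AES block size in bytes

// Split raw ciphertext into hex-encoded cipher blocks.
function cipherBlocks(string $raw): array
{
    return str_split(bin2hex($raw), BLOCK * 2);
}

// Count the distinct ciphertext blocks that occur more than once.
// Any repeat tells an observer that the matching plaintext blocks are equal.
function repeatedBlocks(string $raw): int
{
    $counts = array_count_values(cipherBlocks($raw));
    return count(array_filter($counts, function ($n) { return $n > 1; }));
}

// Encrypt with AES-256 in the given mode ('ecb' or 'cbc'); ECB takes no IV.
function encrypt(string $plain, string $key, string $mode, string $iv = ''): string
{
    $out = openssl_encrypt($plain, "aes-256-$mode", $key, OPENSSL_RAW_DATA, $iv);
    if ($out === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return $out;
}

// Constructed sample: three identical 16-byte blocks of session data.
$plain = str_repeat('user=alice;role=', 3);
$key   = random_bytes(32);                         // key from the OS CSPRNG
$ivLen = openssl_cipher_iv_length('aes-256-cbc');  // same role as mcrypt_get_iv_size()
$iv1   = random_bytes($ivLen);                     // same role as mcrypt_create_iv()
$iv2   = random_bytes($ivLen);

$ecb       = encrypt($plain, $key, 'ecb');
$cbc1      = encrypt($plain, $key, 'cbc', $iv1);
$cbc2      = encrypt($plain, $key, 'cbc', $iv2);
$cbc1Again = encrypt($plain, $key, 'cbc', $iv1);

printf("ECB distinct blocks that repeat: %d\n", repeatedBlocks($ecb));
printf("CBC distinct blocks that repeat: %d\n", repeatedBlocks($cbc1));
printf("CBC, fresh IV, identical ciphertext:  %s\n", var_export($cbc1 === $cbc2, true));
printf("CBC, reused IV, identical ciphertext: %s\n", var_export($cbc1 === $cbc1Again, true));
```

The last two lines show that CBC only hides repeated plaintext across records when each record gets its own IV; the IV is not secret and can be stored next to the ciphertext.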