It's pronounced Diane. I do data architecture, operations, and backend development. In my spare time I maintain Massive.js, a data mapper for Node.js and PostgreSQL.
The only perfectly secure system is one that's been disconnected, powered off, encased in concrete, and dropped into the ocean from a helicopter flown blindfolded.
Any functionality you can use is functionality someone else with ulterior motives can use. Data you can access through your system is data someone else can access through your system. Backdoors are an inherent security risk.
Re 6: No, hashing is not enough.
Use an algorithm suited for this task, as recommended by those crypto experts, which right now is mostly scrypt and argon2.
md5/sha1/sha2/etc is not enough no matter how much salt and pepper you throw on top.
PHP (which isn't exactly my favorite language) kinda got it right, providing easy-enough to use password functions in their standard library.
I'm not sure if the blindfolded helicopter will achieve its purpose. It might just crash pretty quick, make the system fall and release it from concrete. Just sayin'
You can take off without the blindfold but you have to put it on once you're over the water.
This sounds reasonable