Protecting Passwords with Argon2id in PHP 7.3

Better password security in PHP 7.3 with Argon2id

Starting with PHP 7.3, Argon2id may be used as part of the password_* functions to provide better password security.

This article I cover the benefits of Argon2id, how to compile Argon2id into PHP, how to use Argon2id within your PHP 7.3 applications, and some useful pieces of information about Argon2id usage within applications in general.

For more information on Argon2id support within PHP 7.3, reference the Argon2 Password Hash Enhancements RFC on the PHP Wiki.

Creating an Alpine Linux Repository

Creating & Hosting an Alpine Linux Package Repository for Docker packages

One of the common problems developers run into when creating their own Docker images is the sheer size of the final output image. Even after compressing and squashing, images based off of Ubuntu or CentOS can still be hundreds of megabytes in size.

As part of my personal dockerization efforts I’ve spent the past several weeks working on repackaging my PHP and Nginx packages so that they work on Alpine Linux with the aspiration of significantly reducing the size of the Docker images I provide.

To reduce the complexity of my Docker images, I pre-build packages for a given operating system, then install them using the operating system’s built in package manager. After creating packages for Alpine Linux (which was troublesome in it’s own right), I discovered there was little to no accurate documentation on how to create a web repository for Alpine Linux.

In this article I’ll cover the steps I needed to take to create a maintainable ALpine Linux web repository.

Moving to Hugo

Migrating my personal blog from CiiMS to Hugo

It’s hard to believe that it has almost been an entire year since my last blog post. In that time a lot has happened and changed both with my personal life and in the web development world. With those changes comes the need to re-think the way I both host and manage my personal blog – including the platform. Starting today, I’m moving my personal blog (and several other pages scattered across the internet) from being hosted on CiiMS to being hosted on Google Storage with Hugo.

ECDSA Certificate Authorities and Certificates With OpenSSL

Everything you wanted to know about generating the next generation of public key ECC ECDSA certificates and certificate authorities with OpenSSL.

A lot has been said recently about ECSDA certificates and elliptical curve cryptography (ECC), and about how they are the future of the humble SSL Certificate. Cloudflare has written serveral articles describing what excatly ECSDA certs are and how they function with ECC.

If you’re not familiar with ECC yet though, Cloudflare provided a pretty basic TL;DR; of what exactly ECC is and why it is important:

[…] ECC is the next generation of public key cryptography and, based on currently understood mathematics, provides a significantly more secure foundation than first generation public key cryptography systems like RSA. If you’re worried about ensuring the highest level of security while maintaining performance, ECC makes sense to adopt.

Based upon our current understanding of mathamatics, ECC provides significantly better security and performance than a typica 2048 RSA certificate. In this article, we’ll cover how to make a ECDSA Certificate Authority, a ECDSA compatible CSR, and how to sign ECDSA certs.

Dynamic DNS with Bind9

Correctly implementing Dynamic DNS updates with nsupdate and Bind9

One of the things that really bugs me about online tutorials is that find one that’s accurate is a major pain. Recently I have to figure out (again) how to get secure dynamic DNS updates working with nsupdate and Bind9. Since I haven’t done this in nearly 3 years now, I had forgotten several important steps. In the hopes of saving someone else time (and mine in the future should I forget in the future). In truth getting this setup is relatively simple - you just have to know the right set of steps in order to get it done right.

For this tutorial I’ll be using the Ubuntu 12.04 and Bind9 from upstream.