We use all the latest security practices to keep you safe.
Want to learn more about security and encryption?
How Encryption Works
Encryption is the process of rendering a message such that it becomes unreadable without possessing the correct key. In the simple case of symmetric cryptography, the same key is used for encryption as is used for decryption. In asymmetric cryptography, it is possible to encrypt a message with your public key and only you, possessing your private key, can read it.
Encrypting network communications is absolutely essential to the security of anyone who wishes to use our website. The standard and most reliable form of network encryption is called Transport Layer Security (TLS). Our website uses TLS, which is accessible by typing https://illinoisfarm.us into your browser instead of just http://illinoisfarm.us.
Our server generates a pair of related cryptographic keys, one private key and one public key. We submit our public key and some identifying information to a trusted Certificate Authority who gives us back a digitally signed certificate, which contains the information we provided, including our public key. When you visit our website, your browser will process the certificate our server offers and verify that the digital signature is legitimate and provided by a trusted certificate authority. Your browser will initiate the remainder of the handshake protocol, which only a server in possession of the appropriate private key for the certified public key can participate in without causing errors. Once a HTTPS session has been established, your communications with our server can promise confidentiality and authenticity.
How Your Password Is Secured
We take your password, a salt and a cost factor, then apply a sophisticated one-way transformation of the password and salt, repeatedly, based on the cost factor. As of now, PHP, our backbone for our website, uses bcrypt to hash and salt your password. In the coming years, PHP will begin using libsodium, a better hashing algorithum for securing passwords. When that day happens, we will switch from using bcrypt, over to libsodium.
How Your Information Is Stored
When you register on our website, your data is sent to a database where a new entry is created specifically for your new account. Your data is encrypted by a private key and cannot be read by anyone, unless they have access to the private key. Your password is encrypted seperatly using a diffrent method that has become the default standard in cryptography. No one can see your password because there is no decryption available to see it in plain text. This makes your password incredibly secure but also means that if you forget your password, it cannot be recovered.
How To Contact Us
When you use our contact us page, your message is encrypted and can only be read by us by using our private encryption key, called a PGP Key. If you want to comunicate with us, back and forth, privatly, you will need a PGP key for yourself. If you only wish to encrypt messages sent to us, then you need not worry about a PGP Key, just send us a message and our website will do the work for you.
Our website uses secure certificates to ensure all data transfered is kept private and encrypted. You will notice this in many ways, usually your address bar will turn green or a padlock will be present somewhere, it's handled differently on whatever device you are using. If you are entering your password, credit card info or other sensetive data, please make sure you are aware that the connection remains secure. If at any time, the padlock disappears or the address bar is no longer green, do not continue, it is no longer safe and secure.