Key Derivation Function: https://en.wikipedia.org/wiki/Key_derivation_function
How to store sensitive user data in a database and allow user access through session key: https://security.stackexchange.com/questions/157422/store-encrypted-user-data-in-database
HTTPS (Hyper Text Transfer Protocol Secure): https://pt.wikipedia.org/wiki/Hyper_Text_Transfer_Protocol_Secure
When and ARP request is sent via broadcast to the local network, a malicious host can issue an ARP reply with it's own MAC address. This type of attack is called ARP poisoning. to prevent it, switches can implement dynamic ARP inspection (DAI).