Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:127824 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by lists.php.net (Postfix) with ESMTPS id 3A33B1A00BC for ; Tue, 1 Jul 2025 14:32:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1751380254; bh=lPQdHIPon8SwgeOREnbIagsmTJMr2AkvbICOVZRpQa0=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=m3fkUomFwlpgAbkHD9h5tRJf6iku2T1DDV3Gq6USDLFLdTptSsLSOFFRKS+INvQJo bT/DfLiR9/9njUFZJr6cU4hVSTRy2D0D+LJTqVPd5yZsYjzSqd2yA9VhBjKiPkXkBk eN2wZKcBFVUecvafh1k2qg5Y2BQrqNwLYTNCaxpXpsevck3H+scGEp8qBpZRS3vlYQ n03DYlk87j2hR6cIOMTdxDxAKUrBWOv91tUGJz5LHUjoh2U70yrHKLlgD9hDpTS2qx 2l1zl+qn55pW/+UZxZryST2LRoy+vYj6cl/UamgqaEeOuw1PNqw2HtyZ45v1ZkmgUg FLE+z31LNCeuQ== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 3B78718006C for ; Tue, 1 Jul 2025 14:30:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_05,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=4.0.1 X-Spam-Virus: Error (Cannot connect to unix socket '/var/run/clamav/clamd.ctl': connect: Connection refused) X-Envelope-From: Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 1 Jul 2025 14:30:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be; s=mail20171119; t=1751380366; bh=jsiq3IGDEveuEhYlM15L2xOGAtvYoLoA8N/hN2JZUEQ=; h=MIME-Version:Date:From:To:Cc:Subject:In-Reply-To:References: Message-ID:Content-Type:from:to:cc:subject:message-id; b=J65lhx++sktZOVTMIMndovmDaSE/lj/3wd8ENgpuihjk3zz7TA0oWQN6Y7CYMRwj5 N2BxsD0sTfRhQWj7kUWHopLvJHPeZ0LMZGJYlF2+kmZEG0uNZNe3yG8O/r/yNlkc6d z1LwCh8VkKZ6FJB8pN+I5kIU0Az++/Ss54+IqY38ESSjQ6lZm9W4nWv3qu52OMDbfs aF0ZI4h8xBP18baz6ltol1RXVHf0WSsLLBCWf5S2vH3mDs8bYF2RynYl+scZfwW9EH ZUhJ/NetEPt1C9ZbuZpehZGDq7jgFfVL7eb/jO5MwwXO+lSn26NkeK7Rnd+Hz7+p1Y s9wXPeh6kb74g== Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow MIME-Version: 1.0 Date: Tue, 01 Jul 2025 16:32:45 +0200 To: Larry Garfield Cc: php internals Subject: Re: [PHP-DEV] [RFC][DISCUSSION] Add RFC 4648 compliant data encoding API In-Reply-To: <0a17ccaf-46e1-441a-b53d-9a3c6b893a03@app.fastmail.com> References: <0a17ccaf-46e1-441a-b53d-9a3c6b893a03@app.fastmail.com> Message-ID: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=C3=BCsterhus?=) Hi Am 2025-07-01 16:18, schrieb Larry Garfield: > I don't follow. Every function listed allows a timing mode to be set, > so I presume that means every function *can* use constant-time. The > implementation is, well, this RFC. :-) So I don't see why we can't > just force constant-time everywhere and be secure-by-default. Please see the note in the “Implementation” section. I wanted Ignace and the discussion to figure out the desired API from a “high level” perspective first, before checking individually whether or not a constant-time implementation is possible for each of the possible combinations of options, since depending on the API that is agreed-on certain combinations might not make it (allowing me to skip the effort of finding out how to do it constant time). > If there's a reason we cannot just blanket decide to use constant-time > everywhere always, we need concrete examples of why that's a bad idea; > and even then, I'd expect to be able to default to it. A constant-time implementation generally is (measurably) slower than non-constant time implementation, but also see above. > For the long-names issue that Tim pointed out, perhaps drop "Variant" > from the enum names? As they're namespaced, `Base32::Ascii` seems > fairly self-explanatory. You probably meant s/Tim/Rowan/. Best regards Tim Düsterhus