Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:63208 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 92088 invoked from network); 20 Sep 2012 17:23:01 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Sep 2012 17:23:01 -0000 Authentication-Results: pb1.pair.com header.from=g.b.yahav@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=g.b.yahav@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.42 as permitted sender) X-PHP-List-Original-Sender: g.b.yahav@gmail.com X-Host-Fingerprint: 209.85.212.42 mail-vb0-f42.google.com Received: from [209.85.212.42] ([209.85.212.42:42579] helo=mail-vb0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 8B/A1-15057-4F05B505 for ; Thu, 20 Sep 2012 13:23:01 -0400 Received: by vbbfs19 with SMTP id fs19so3097709vbb.29 for ; Thu, 20 Sep 2012 10:22:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=e73rWECsN/c45qFWTaLsSmzfDRPTekdmzSKRsQx1vos=; b=AMl/jBiLnHs+UzciG1omb3Yf9PyW2azu3gDT2R6S6Q9/0IW0BpOVoW8mbHwQ0qFFlZ hP4dhkrN6AAFZjXU8ndB6hK+X8umQlftjyXNl7j4l3NrVMWbCA4vuGo/0QW/i0zsmkJI p8/yGcBKujJdPLMMlg20jYLo7FwVirdpUaoZiSVK47z7QvDzmnajZVaXpz+WwjrE/brA L/uIYvTK6hi6K4Al0fr8Lu443kB/lqKFHKhgS57ozvvw4Ln01jtftq7W46Gcb0u+Hbze jOBtsqugKtf/7vIx1Cwdeg8EDcHlPF0+cUhByOQ+NteN5AawY76Qr0qZgLaBnCJziVVK ProQ== Received: by 10.58.95.65 with SMTP id di1mr1432861veb.55.1348161778211; Thu, 20 Sep 2012 10:22:58 -0700 (PDT) MIME-Version: 1.0 Received: by 10.52.0.69 with HTTP; Thu, 20 Sep 2012 10:22:38 -0700 (PDT) In-Reply-To: <505B2CA7.6050505@codeangel.org> References: <505B2CA7.6050505@codeangel.org> Date: Thu, 20 Sep 2012 20:22:38 +0300 Message-ID: To: Chad Emrys Cc: internals php list Content-Type: multipart/alternative; boundary=e89a8f503b72e3dba104ca255f60 Subject: Re: [PHP-DEV] Authenticated Encryption in PHP From: g.b.yahav@gmail.com (Yahav Gindi Bar) --e89a8f503b72e3dba104ca255f60 Content-Type: text/plain; charset=ISO-8859-1 To be honest, I've thought about it today and think that it could be great! :) I'd love to help if it's possible in any way I can :) On Thu, Sep 20, 2012 at 5:48 PM, Chad Emrys wrote: > Hello, > > I was wondering how difficult it would be to add access to a standard > authenticated encryption mode in openssl. I was looking and trying to > figure out how to do this in PHP, seems you have to do it the old fashioned > way that's way too prone to error, basically encrypt and mac yourself. > This has been shown to be really easy to mess up, but now we have > standards such as GCM, CCM, and EAX. GCM seems to be the popular choice > since it's the fastest, unencumbered by patents, and adopted by NIST. > (Also personally like GCM, because that's also what the JCE went with and I > have interest in using encryption between Java and PHP). It seems openssl > lib in C does have support for GCM, so I was wondering how difficult would > it be to offer such cipher options in PHP's openssl functions such as > "aes-128-gcm" etc... Possibly throwing an error when the tag fails (or > maybe something better, as if the user has display errors on, there have > been known attacks letting an attacker know if the tag failed vs other > reasons decryption failed). > > Chad > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > --e89a8f503b72e3dba104ca255f60--