Newsgroups: php.internals
Date: Mon, 16 Sep 2013 11:56:30 +0100
To: internals@lists.php.net
Message-ID: <20130916105630.GZ3919@phcomp.co.uk>
Organization: Parliament Hill Computers Ltd
Subject: PHP Crypt functions - security audit
From: addw@phcomp.co.uk (Alain Williams)

In the light of the recent scandal of the NSA (& others) attacking encryption would it be a good idea to see if we can get an audit of all the security related code in PHP?

It would do a bit to help boost confidence in PHP - and might even find something (although I hope not).

What I am thinking of:

* done by people outside of the usual PHP community.
* the final report, and any interim ones, to be published in their entirety.
* done by people who have real clue when it comes to security [count me out :-) ].

Why? To improve the public confidence in PHP.

Just in case you have been living under a stone recently:

https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html

--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include