Newsgroups: php.internals
From: fsb@thefsb.org (Tom Worster)
Date: Thu, 26 Feb 2015 10:37:01 -0500
To: php-internals
Subject: crypto_something

On 2/26/15, 3:48 AM, "Stanislav Malyshev" wrote:

>The custom is that the first word names the function group (yes, I know
>old functions do not follow it, but this is a new one). Unless we're going
>to introduce a group of functions called secure_*, random_* is a natural
>choice.

This reminds me of the other problem. There is no one crypto lib that is in good shape or really covers what's needed.

The Cryptography lib for Python has the right idea with its backend interfaces: http://is.gd/kUztPc

There's a lot else I like about that lib, like putting all the primitives under a member named "hazmat".

The problems with mcrypt have been discussed.

The limitations of OpenSSL became apparent when I researched what a shim on OpenSSL could manage: http://is.gd/jHtafh

tl;dr The coverage is so poor I wouldn't bother trying. If you're using AES/CBC you're OK and it's not worth messing around with a shim. I'm not sure there's anything else OpenSSL supports that I want anything to do with. Besides, people are understandably scared of OpenSSL.

libgcrypt does at least have a maintainer but it's poor Werner Koch who is so destitute he lives on charity raised on Kickstarter and has his work cut out just trying to deal with GPG: http://is.gd/cbHCYO

Botan has a nice array of features and is well documented but is otherwise a mystery to me.

Python Cryptography also uses Apple's CommonCrypto but it doesn't add very much, is limited to OS X and comes with Apple's open source license.

I thought I'd share what I learned while working on it. And, fwiw, Yii excises Mcrypt in 2.0.3.