Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:84053 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 98224 invoked from network); 27 Feb 2015 21:29:37 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 27 Feb 2015 21:29:37 -0000 Authentication-Results: pb1.pair.com header.from=leight@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=leight@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.181 as permitted sender) X-PHP-List-Original-Sender: leight@gmail.com X-Host-Fingerprint: 209.85.220.181 mail-vc0-f181.google.com Received: from [209.85.220.181] ([209.85.220.181:45584] helo=mail-vc0-f181.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id AC/AB-32582-EB1E0F45 for ; Fri, 27 Feb 2015 16:29:35 -0500 Received: by mail-vc0-f181.google.com with SMTP id le20so556737vcb.12 for ; Fri, 27 Feb 2015 13:29:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=8ogrwkWEtTI/RJaGIoA4eKsVZYFQP4vQmQuoZyUKTts=; b=oxzXyHN6+JXnbaKfSUkUz06JgzjUZMpQSlOZaCztg47g2azV0NjcTdOgDcE+jaod1G 1dE97fLnAkTIne7E8g+EL/3Nj8jiS1jMFh6ooKzRFitIIrf8IAiXtiMDSeWnj8YUQmy5 qquGSZpYuFEGH6BRNlS1wuAHM1SNfXhwrUmFE9Ycq2Ctsv3yJ7wWMMgk31UhCZ4aiZ3h t1ynGv50TjJjFX7MZzm3llkh/3/oquuJ1Q491j0gJWs52ZrQ9Q3UXr6XSmWJbJGf1lln TpO2v+UnMIuLPUwr4v1kG2y3tOMwJMS9SbnREvs7rr3Wz9hlL9dA3bc3t5wH4VE88XGu AyQQ== MIME-Version: 1.0 X-Received: by 10.52.134.141 with SMTP id pk13mr5978862vdb.5.1425072570969; Fri, 27 Feb 2015 13:29:30 -0800 (PST) Received: by 10.52.177.10 with HTTP; Fri, 27 Feb 2015 13:29:30 -0800 (PST) In-Reply-To: References: Date: Fri, 27 Feb 2015 21:29:30 +0000 Message-ID: To: Tom Worster Cc: php-internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] aes_decrypt() aes_encrypt() (was Re: crypto_something) From: leight@gmail.com (Leigh) On 27 February 2015 at 21:14, Tom Worster wrote: > 1. You say it "doesn't leave any room for interoperability" but I'm > not sure I agree. I invite you again to look at the Cryptography lib > for Python. There are countless applications/services that will do things "their own way", and the odds of them using the same structure as any generic implementation is going to be hit and miss. I guess it would have been better if I had said "doesn't give any room for flexibility" > I don't see why we couldn't sponsor an effort to encourage adoption > of this or some such interoperability protocol. Go to FIG, see if the > Rails, Node and Django people are interested, and so fourth... Feeling pretty pessimistic on this one. Each camp is going to feel that they know best and push for their own way. If we could get a mandate from a group of established and respected cryptographers, maybe :) > 2. At this stage I think PHP should be thinking beyond AES. There are > a number of arguments about phasing out AES that you can find online. > Regardless of the merits of these arguments, the demand for newer > ciphers is only going to increase. Meanwhile, it's going to be years > before anything we discuss here now is mainstream in PHP and more > years before that gets upgraded. So I think we may as well have a > pluggable backend for algorithm implementations and a means for users > to upgrade ciphers, perhaps by introducing new version numbers in the > above mentioned protocol from time to time. That said, I'm not in > favor of a function that lets users choose among lots of ciphers. I > just want an easier way to evolve than introducing new functions, > like, idk, threefish_encrypt(). I hear you. http://marc.info/?l=php-internals&m=142365688004941&w=2 Count the number of replies :(