Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:87587
Return-Path: <ircmaxell@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 78820 invoked from network); 3 Aug 2015 21:55:26 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 3 Aug 2015 21:55:26 -0000
Authentication-Results: pb1.pair.com smtp.mail=ircmaxell@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=ircmaxell@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.44 as permitted sender)
X-PHP-List-Original-Sender: ircmaxell@gmail.com
X-Host-Fingerprint: 209.85.215.44 mail-la0-f44.google.com  
Received: from [209.85.215.44] ([209.85.215.44:36071] helo=mail-la0-f44.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id F0/10-11948-D43EFB55 for <internals@lists.php.net>; Mon, 03 Aug 2015 17:55:25 -0400
Received: by labgo9 with SMTP id go9so37158414lab.3
        for <internals@lists.php.net>; Mon, 03 Aug 2015 14:55:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=xHPN6eAH2YSQY6dgtPvGF4rm1TpbSASiNa7gxbIDVmQ=;
        b=BmWn3E7L/MFNi95TF+80iIxV2/pvOz9iN5O7gnKhPJAHAXzCksSzWT4NGzr9whidgY
         RbAxXRGAwdAiXIjzU0oIzriJ9odhXHSJQmTX0us2/eMBJn2DoFei2FSoZ3+RavnluDWp
         gYcx1Ljslsij9s34dBHeM4V75W6RZm8W0Gj9LgQGd8RnXckmc9ApHcP5XY230KLEXNvq
         4BeyW/TVAwbHLot6cqwAUvxHwlRiA5oWOi/kkCjFrArSdQwCSClErGYJ9lhbgs/dznLB
         CTssPQN7TarAC1wt2zhWvDZ4x3ufIGxP4MUXn/rWdvYXaftWEON/WVscUfYSlsdaMn0l
         cY8g==
MIME-Version: 1.0
X-Received: by 10.112.205.161 with SMTP id lh1mr184385lbc.43.1438638922783;
 Mon, 03 Aug 2015 14:55:22 -0700 (PDT)
Received: by 10.25.5.215 with HTTP; Mon, 3 Aug 2015 14:55:22 -0700 (PDT)
In-Reply-To: <CAKws9z1fatmSR2YLaeBn0zVv-s3iwCj7OUKjW949QC0L_VndpA@mail.gmail.com>
References: <CAKws9z1fatmSR2YLaeBn0zVv-s3iwCj7OUKjW949QC0L_VndpA@mail.gmail.com>
Date: Mon, 3 Aug 2015 17:55:22 -0400
Message-ID: <CAAyV7nE50VGXWSNYKiG00nYF6oYt3dS1iKy0mJpROmSPQ-BT5Q@mail.gmail.com>
To: Scott Arciszewski <scott@paragonie.com>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] PHP 7.1 Cryptography Projects
From: ircmaxell@gmail.com (Anthony Ferrara)

Scott,


On Mon, Aug 3, 2015 at 4:54 PM, Scott Arciszewski <scott@paragonie.com> wrote:
> Hi,
>
> I would like to make it easier for PHP developers to implement
> cryptography features in their applications. I intend to work on some
> of these ideas and submit them for inclusion in PHP 7.1.
>
> Some of these might be familiar to some of you.
>
> 1. Pluggable Cryptography Frontend
>
> Work is currently underway for a PHP prototype for this idea
> originally suggested by ircmaxell, that will basically be like PDO for
> cryptography. Our current project name, subject to change, is PHP
> Crypto Objects (PCO).
>
> The idea is that you could write code like this to add secure
> authenticated encryption to your application without having to worry
> about the details.
>
>     $AES = new \PCO\Symmetric('openssl:cipher=AES-128');
>     $ciphertext = $AES->encrypt($plaintext, $someKey);
>
>     $PKC = new \PCO\Asymmetric('libsodium');
>     $offlineDecryptable = $PKC->seal($plaintext, $someX25519PublicKey);
>
> When it's finished, I'd like to turn it into a PECL extension so users
> can play with it in PHP 7.0 and submit it for inclusion in 7.1.
>
> 2. Cache-timing-safe character encoding functions
>
> Alternatives for existing functions that should function like their
> unsafe counterparts, but without branches or data-based index lookups.
>
> * hex2bin() -> hex2bin_ts()
> * bin2hex() -> bin2hex_ts()
> * base64_encode() -> base64_encode_ts()
> * base64_decode() -> base64_decode_ts()
>
> Other formats are out of scope, unless someone can make the case that
> we need to support RFC 4648 base32 encoding (e.g. for Tor Hidden
> Service integration).
>
> 3. Other ideas (not yet committed to at all, but might be of interest
> to others):
>
> * Improving the OpenSSL API, or at least the documentation
> * Adding streaming encryption/decryption support to OpenSSL
> * Adding AE and AEAD interfaces to OpenSSL
> * Aliasing MCRYPT_AES -> MCRYPT_RIJNDAEL_128, adding MCYPT_MODE_CTR
>
> What I need from you is guidance on what features or changes you want
> to see in 7.1 and which can be put off until later (or never proposed
> as an RFC at all).
>
> Seriously, all I need is your opinion and whether or not you'd like to
> see any of these happen. If you have specific implementation details
> you'd like to discuss or requests, of course those are welcome too. :D
>
>     "With great ubiquity comes great responsibility." - Matthew Green
> <https://twitter.com/matthew_d_green/status/578567678492733440>

Thank you! You have my full support here (and when I get time my
contributions). I think these projects will go a long way towards
improving security in PHP.

so, Thank You!!!

Anthony