Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:87608 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 55551 invoked from network); 4 Aug 2015 13:25:55 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Aug 2015 13:25:55 -0000 Authentication-Results: pb1.pair.com smtp.mail=ircmaxell@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=ircmaxell@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.175 as permitted sender) X-PHP-List-Original-Sender: ircmaxell@gmail.com X-Host-Fingerprint: 209.85.217.175 mail-lb0-f175.google.com Received: from [209.85.217.175] ([209.85.217.175:36818] helo=mail-lb0-f175.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 12/21-49831-16DB0C55 for ; Tue, 04 Aug 2015 09:25:54 -0400 Received: by lbbud7 with SMTP id ud7so5893973lbb.3 for ; Tue, 04 Aug 2015 06:25:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=Ia/3yGskX0rZI+fYx0A/ILEwLu4nFi4CdtOKbvo7ccE=; b=pHIJ1McH9crrePvQeZ8/g429Jwn/zQoHOZU8UNRWJavXS1M9urLjWbu8J1BIe+kGz6 +bvdagLVMuFISCd6gCSFhlwwNvWp3gg3F56urehBrJhuzPwEEr+IwDjkDZ5ZA10ICpxS c3Z7C/Hbe613Pvx9+eRBWRT6+rfbrTV9I5ewVrp0MBbY3hKWi7JYLRUiifzZwZvKo7NA iYRvsILDciQLA6N39BRrWRHGKQN3xpf+jjzPjG3sVrhFd27q0HAXkeynaIjYqtvsIGbi nV/IMkHJ9y/JViIxLcjudXfkVLKI4nDox3kZ+z/ZbGEYzJZUpEd/RgR2jKbwdGvkwyD1 +cEQ== MIME-Version: 1.0 X-Received: by 10.112.64.172 with SMTP id p12mr3476666lbs.38.1438694750214; Tue, 04 Aug 2015 06:25:50 -0700 (PDT) Received: by 10.25.5.215 with HTTP; Tue, 4 Aug 2015 06:25:50 -0700 (PDT) In-Reply-To: References: <9996b5784a1bfbca80b07de01f1a7a94@k-piste.dy.fi> Date: Tue, 4 Aug 2015 09:25:50 -0400 Message-ID: To: =?UTF-8?Q?Lauri_Kentt=C3=A4?= Cc: Scott Arciszewski , PHP Internals Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] PHP 7.1 Cryptography Projects From: ircmaxell@gmail.com (Anthony Ferrara) Lauri, On Tue, Aug 4, 2015 at 9:12 AM, Lauri Kentt=C3=A4 = wrote: > On 2015-08-04 14:54, Scott Arciszewski wrote: >> >> we do not allow secure modes > > > I hope that was a typo... ;) Indeed, it was not. The concept for this (I've been working with Scott on it) is that this should be a high-level abstraction. And any good high level abstraction should make assumptions for its users. One of them is that they want to be secure. If you want to build an insecure cipher, the primitives will still exist (openssl/etc). > On 2015-08-04 14:54, Scott Arciszewski wrote: >> >> Version and configuration information (not what is passed, but what is >> used) will be stored in the first few bytes of ciphertext output. > > > Will this information be specific to the driver or to PCO, or is it possi= ble > to use other software for decryption? Will the API have a way to decrypt > data based on that information (that is, without passing a DSN to the > constructor)? How about producing a human-readable DSN of the relevant > and/or all used settings to solve both of these cases? Rather than human readable (since that would consume a lot of space in the resulting ciphertext), I'd suggest a formalized open specification of the storage formats. Similar to the headers used by TLS and other formats. That way anyone can build to the specification, which would be maintained along side the implementation. So something like: byte 0 : Version identifier Version 1: byte 1 : cipher identifier byte 2 : mode identifier byte 3 : authmode identifier byte 4-8 : cipher-specific settings At least that's my thoughts. Anthony