Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:87610
Return-Path: <dennis@birkholz.biz>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 60534 invoked from network); 4 Aug 2015 14:16:23 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 4 Aug 2015 14:16:23 -0000
Authentication-Results: pb1.pair.com smtp.mail=dennis@birkholz.biz; spf=unknown; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=dennis@birkholz.biz; sender-id=unknown
Received-SPF: unknown (pb1.pair.com: domain birkholz.biz does not designate 144.76.185.252 as permitted sender)
X-PHP-List-Original-Sender: dennis@birkholz.biz
X-Host-Fingerprint: 144.76.185.252 mx01.nexxes.net  
Received: from [144.76.185.252] ([144.76.185.252:48178] helo=mx01.nexxes.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B4/F1-49831-439C0C55 for <internals@lists.php.net>; Tue, 04 Aug 2015 10:16:21 -0400
Received: from [137.226.183.192] (ip3192.saw.rwth-aachen.de [137.226.183.192])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: db220660-p0g-1@packages.nexxes.net)
	by mx01.nexxes.net (Postfix) with ESMTPSA id 7794948248D;
	Tue,  4 Aug 2015 16:16:17 +0200 (CEST)
To: Anthony Ferrara <ircmaxell@gmail.com>,
 =?UTF-8?Q?Lauri_Kentt=c3=a4?= <lauri.kentta@gmail.com>
References: <CAKws9z1fatmSR2YLaeBn0zVv-s3iwCj7OUKjW949QC0L_VndpA@mail.gmail.com>
 <9996b5784a1bfbca80b07de01f1a7a94@k-piste.dy.fi>
 <CAKws9z3r6dQ1BQaA5Q9kQNpNu11M+EJ+LS7DwGZxajnfXmLYFg@mail.gmail.com>
 <df1da8f007fc46dc8b2301b8930a3219@k-piste.dy.fi>
 <CAAyV7nFHJs0JVzSEyFjhh49zFF=dD0q4_TxZTrbRLN+K4p4wLg@mail.gmail.com>
Cc: PHP Internals <internals@lists.php.net>
Message-ID: <55C0C931.7080405@birkholz.biz>
Date: Tue, 4 Aug 2015 16:16:17 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <CAAyV7nFHJs0JVzSEyFjhh49zFF=dD0q4_TxZTrbRLN+K4p4wLg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] PHP 7.1 Cryptography Projects
From: dennis@birkholz.biz (Dennis Birkholz)

Hi Anthony,

Am 04.08.2015 um 15:25 schrieb Anthony Ferrara:
> Lauri,
> 
> On Tue, Aug 4, 2015 at 9:12 AM, Lauri Kenttä <lauri.kentta@gmail.com> wrote:
>> On 2015-08-04 14:54, Scott Arciszewski wrote:
>>>
>>> we do not allow secure modes
>>
>> I hope that was a typo... ;)
> 
> Indeed, it was not.
> 
> If you want to build an insecure cipher, the primitives will still
> exist (openssl/etc).

The point here is the missing "in" in the original quote ;-=

> Rather than human readable (since that would consume a lot of space in
> the resulting ciphertext), I'd suggest a formalized open specification
> of the storage formats. Similar to the headers used by TLS and other
> formats. That way anyone can build to the specification, which would
> be maintained along side the implementation.
> 
> So something like:
> 
> byte 0 : Version identifier
> 
> Version 1:
> byte 1 : cipher identifier
> byte 2 : mode identifier
> byte 3 : authmode identifier
> byte 4-8 : cipher-specific settings

That is a very good idea to have some crypto format specification that
contains the meta data. But is this such a new idea that now format
exists already that can hold the required information? No available
format we can embrace and that has implementations already?

Greets
Dennis