Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:87631 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 20987 invoked from network); 5 Aug 2015 00:10:44 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Aug 2015 00:10:44 -0000 Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.54 as permitted sender) X-PHP-List-Original-Sender: smalyshev@gmail.com X-Host-Fingerprint: 209.85.220.54 mail-pa0-f54.google.com Received: from [209.85.220.54] ([209.85.220.54:34853] helo=mail-pa0-f54.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 8B/96-11835-38451C55 for ; Tue, 04 Aug 2015 20:10:43 -0400 Received: by pabxd6 with SMTP id xd6so3050279pab.2 for ; Tue, 04 Aug 2015 17:10:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-type:content-transfer-encoding; bh=0v16FxPDx0MLvtM7aVA4kcE8UEqJ+zIjuaf9yawWOa0=; b=bdjp3MzDa85C4JXkSyxv1ffOulrhl5clyczvtfzaRc8YM/kKU/fYPlF0HrWzoaQdv4 nOK0qKDahe54fWprHr+GkXvN9/Hi4oqnt7nR+Ys10+WT2MBT9BHMrMjQGbWHvKYLc4ye D24U+tsbSBN+HsSKoJg0EfNmHarVIpi0q/lbbFiFxFYkpA/mbG770T+91D2YdXr9I8OC riJDmt2X1Z9XiQHYK7CnnuKqPi/ClYt7e6eN178JVrG7ojC0XBgFWMlPAj+aiSyhjZ0E 9nycpbVmrm1F7OWFjObkqxbaDC1yQR+ruaiduIAdDlsulgdO/VyoSazvxOzq6DbtMgO/ xVIA== X-Received: by 10.66.66.68 with SMTP id d4mr13235929pat.43.1438733440606; Tue, 04 Aug 2015 17:10:40 -0700 (PDT) Received: from Stas-Air.local (108-66-6-48.lightspeed.sntcca.sbcglobal.net. [108.66.6.48]) by smtp.gmail.com with ESMTPSA id xv1sm589947pbb.25.2015.08.04.17.10.39 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Aug 2015 17:10:39 -0700 (PDT) To: Scott Arciszewski , =?UTF-8?Q?Lauri_Kentt=c3=a4?= References: <9996b5784a1bfbca80b07de01f1a7a94@k-piste.dy.fi> Cc: PHP Internals Message-ID: <55C15472.4020108@gmail.com> Date: Tue, 4 Aug 2015 17:10:26 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] PHP 7.1 Cryptography Projects From: smalyshev@gmail.com (Stanislav Malyshev) Hi! > We're still discussing the DSN string for the constructor. These are > what the options look like, currently: I think it's better to separate the arguments. I understand why PDO makes such strings - there can be all kinds of options, and it's hard to configure - i.e. in ini files - if it's not a single string. However, I think in this case it's less of a concern, and while composing this string it's too easy to make a mistake with bad consequences. > * "openssl" should use openssl in a secure, sane default That's kind of open-ended... Secure, sane default to do what? > Version and configuration information (not what is passed, but what is > used) will be stored in the first few bytes of ciphertext output. That means new cyphertext format. Which makes these functions incompatible with every other encryption/decryption functions out there (i.e., if you talk to Java app using these functions, you'd have to implement your own decryption routines in Java too). Is that really a good idea? -- Stas Malyshev smalyshev@gmail.com