Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90255 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 15900 invoked from network); 7 Jan 2016 15:52:56 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Jan 2016 15:52:56 -0000 Authentication-Results: pb1.pair.com smtp.mail=me@rouvenwessling.de; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=me@rouvenwessling.de; sender-id=unknown Received-SPF: error (pb1.pair.com: domain rouvenwessling.de from 80.241.60.215 cause and error) X-PHP-List-Original-Sender: me@rouvenwessling.de X-Host-Fingerprint: 80.241.60.215 mx2.mailbox.org Received: from [80.241.60.215] ([80.241.60.215:57711] helo=mx2.mailbox.org) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 7D/21-09042-6D98E865 for ; Thu, 07 Jan 2016 10:52:56 -0500 Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx2.mailbox.org (Postfix) with ESMTPS id 4340F4208D; Thu, 7 Jan 2016 16:52:52 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp1.mailbox.org ([80.241.60.240]) by gerste.heinlein-support.de (gerste.heinlein-support.de [91.198.250.173]) (amavisd-new, port 10030) with ESMTP id luEbEVflR9a8; Thu, 7 Jan 2016 16:52:51 +0100 (CET) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.1 \(3096.5\)) In-Reply-To: Date: Thu, 7 Jan 2016 16:52:50 +0100 Cc: PHP Internals Content-Transfer-Encoding: quoted-printable Message-ID: <1DDB3D90-2293-417F-9723-3691CC9DBCED@rouvenwessling.de> References: To: Scott Arciszewski X-Mailer: Apple Mail (2.3096.5) Subject: Re: [PHP-DEV] [RFC] Libsodium From: me@rouvenwessling.de (=?utf-8?Q?Rouven_We=C3=9Fling?=) Hi Scott, questions inline. > On 07 Jan 2016, at 14:26, Scott Arciszewski = wrote: >=20 > I've updated the RFC to make libsodium a core PHP extension in 7.1, to > include references to the online documentation. >=20 > https://wiki.php.net/rfc/libsodium I know this is made difficult by the fact that this is an existing, = stable PECL extension, which also supports older PHP versions but I = don=E2=80=99t think it=E2=80=99s a good idea to introduce more functions = that duplicate things handled already in core (I don=E2=80=99t mean in = ext-openssl as lib sodium would be an alternative to that extension). = I=E2=80=99d rather see less duplication, not more. =46rom a quick glance the following functions seems to be already = covered: \Sodium\memcmp \Sodium\bin2hex \Sodium\hex2bin \Sodium\randombytes_buf \Sodium\randombytes_uniform \Sodium\randombytes_random16 If their implementation is better than the core implementation, core = should be fixed. Do the hashing functions have any advantage over those provided by = ext-hash? There are also a couple of other functions whose value I=E2=80=99d = question, I=E2=80=99ll send an email about those later. > This is part of an overall effort to improve PHP's cryptography; up > next will be the pluggable crypto API that supports multiple backends > (with a scope limited to openssl and libsodium at the time of release) > but always provide conservative defaults. A more general question: I haven=E2=80=99t looked at your prototype for = a higher level API yet, but I=E2=80=99m wondering if it=E2=80=99s still = necessary to introduce another low level API? When would I choose to use = the latter? Best regards Rouven