Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90277 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 52439 invoked from network); 7 Jan 2016 17:05:55 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Jan 2016 17:05:55 -0000 Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain paragonie.com from 209.85.215.41 cause and error) X-PHP-List-Original-Sender: scott@paragonie.com X-Host-Fingerprint: 209.85.215.41 mail-lf0-f41.google.com Received: from [209.85.215.41] ([209.85.215.41:32855] helo=mail-lf0-f41.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 9C/76-21405-1FA9E865 for ; Thu, 07 Jan 2016 12:05:54 -0500 Received: by mail-lf0-f41.google.com with SMTP id m198so12413960lfm.0 for ; Thu, 07 Jan 2016 09:05:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paragonie-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=EXs5/CEH0zB1viLEhahlXr6SgZD0NmKB3zdizIBiBHs=; b=V+P7Ml8hhXfsE3PLKZitN5X33+fZ2chTrcVJca6+6Dr26kwL46mJPxZKTRs6XcAx8G 5QkaN0T2P/ak7mP/5vEZ5blKQmqySDgkEnAPn7ty2EGjPbcEnCpk218iID3DCJR8fnKP yssikol/kmL348UdfK85EMC+oUPBjuCssG9I4r4E3VPqPL8F9FwN2quhYPHiEEC2gOWf pEo65Wd5O+VyarmB6+TFjpLnn6AUfjAwjdyUWR1DjlOgMAlbETm8MyVRBhuWk+COmsMe tf6bNNnxn2ZOOHjd5L0XtAXTbxcBj297ENA0jr2WLsVrBMHOb5gjwZ2ot6fw+RBFDDxx ZKCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=EXs5/CEH0zB1viLEhahlXr6SgZD0NmKB3zdizIBiBHs=; b=Is4RchzsFw6/rRmF5O3u5QpRDRJaimKUI8pf9kMkEEL0EKxbUJtHQMipavsPhBYx29 yN9p36wv2Egq46WawoD5Gy1D84BX+I5etwQ3v9eH9BLMk7Y5Wf0bJBbhf6A/I/f90moN wVAIKCOH7JFLhqOFg96DP55dykNUOo8ndz1npA+YpVXH5BNpOkyrs4vG5nYloA5VkWxT Cais1nV1vGpN/UmC9hsZ91o3qDYbjoPm+rIWRzY+/ol5YKO7q53kYW1cIqjymrEMAJdw +fc0+tUPNgMf31o098/qirh1vwIMPioHr8ysn45Ex0oJaoERIndczdqZx2Q18io7PD4M gHcw== X-Gm-Message-State: ALoCoQmHIdy2kDV7xcyycAO4k1Uh5RmCAsbxKGp1p/Y8ZnguaDtPQpuw8ZYgH620TAJDq61KtOn8KFX7tHTBt+1WLWO0Mv0WGA== MIME-Version: 1.0 X-Received: by 10.25.28.80 with SMTP id c77mr37009199lfc.74.1452186350855; Thu, 07 Jan 2016 09:05:50 -0800 (PST) Received: by 10.114.160.13 with HTTP; Thu, 7 Jan 2016 09:05:50 -0800 (PST) In-Reply-To: References: Date: Thu, 7 Jan 2016 12:05:50 -0500 Message-ID: To: Jan Ehrhardt Cc: PHP Internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] [RFC] Libsodium From: scott@paragonie.com (Scott Arciszewski) On Thu, Jan 7, 2016 at 11:58 AM, Jan Ehrhardt wrote: > Anthony Ferrara in php.internals (Thu, 7 Jan 2016 11:30:14 -0500): >>I agree with you in principle, but in this particular case I think >>that there's enough justification considering how measurably bad >>mcrypt is, and how little some people trust openssl. > > OTH, OpenSSL has made progress and the quality is improving as far as I > can tell as a bystander. > -- > Jan > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > Their cipher implementations are OK. Their userspace "CS"PRNG needs to be [any violent metaphor for "deleted" here] in favor of using the kernel's. Then again, LibreSSL is also guilty of this. BoringSSL does it right. Their certificate validation code, last I checked, is the stuff of nightmares. I recall an 800+ line C function. (Have fun auditing that!) Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises