Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:91858 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 35696 invoked from network); 22 Mar 2016 18:29:13 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Mar 2016 18:29:13 -0000 Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain paragonie.com designates 209.85.218.53 as permitted sender) X-PHP-List-Original-Sender: scott@paragonie.com X-Host-Fingerprint: 209.85.218.53 mail-oi0-f53.google.com Received: from [209.85.218.53] ([209.85.218.53:34358] helo=mail-oi0-f53.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 0C/01-30596-9FE81F65 for ; Tue, 22 Mar 2016 13:29:13 -0500 Received: by mail-oi0-f53.google.com with SMTP id i17so19147968oib.1 for ; Tue, 22 Mar 2016 11:29:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paragonie-com.20150623.gappssmtp.com; s=20150623; h=mime-version:date:message-id:subject:from:to; bh=mJ08PWD02fWKp/bzsYUay3hzf2wQaOhrGpazPTGGHAg=; b=r6o+LMOwWkc4OuYhgsZow+D031T63XknK/qJvZziFYSbuKrcy8wQwo96tPxK3dFCT6 3NJ1LVdEUxk4ecW61JYv/aTa7Akuk4mm9xJjb7SryRSLiF5f/2rBAJcEwMk5boZq/fE+ 6Mv3+4oDcgV8ZZPSYQKEYrGp9tkRjQDAvrUN9II7OIL7xH8ZLU5DDkjeACQQqPSzxImJ uucThXwHljvixTdB/fmkjdZpVQNLRSSq3yLJyxgJK2LRERzKIkiqdQ5s2QVoxVZHBQxH FBJeJEHGZHrk2J5wt6ul/TnvOEePyjyxg+X9Np49yFd5bTC/9DL03NRwpgYV3OMfGQ9K A+wA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=mJ08PWD02fWKp/bzsYUay3hzf2wQaOhrGpazPTGGHAg=; b=djAlfgMCbLysk0kCkIjv6O13HVworr64bx4wwJOTI6RKqAJijNdT8G8Hnf90Ce2hHn lN+krLOQNXXnIAQRKipKtWOWyE5drNGxACMHKVXHMf2zh6+f79ttX7YzSZzCdf+lwyzH 2YEizHl1jVqMoUTSeoUtT+h8JbjGPtK/LoH2cYik6bWc9/oXtd8lLO0C6vUc+kLlPArz 0zW3T3pG8HiPdBS7i1gXBxY0xEdop1oiehB141euPdbLynbWaYIPJJajKkxE+rih3A0P 1XlZklbu5AhjmBcQu7ixUjThYlrdau+Mswi/yJ0fvYj/fXBSvZ6xieN1WpDbMVqpDXRP NWPA== X-Gm-Message-State: AD7BkJJuRcw4FFeDZusQVaUkABPIqurO3IX7/5aPblU1c4ChQkDPMO3PAhZ7ILFVbygyOf9NGZZA+Y/3NVhQIA== MIME-Version: 1.0 X-Received: by 10.157.61.33 with SMTP id a30mr3929364otc.95.1458671349971; Tue, 22 Mar 2016 11:29:09 -0700 (PDT) Received: by 10.157.14.47 with HTTP; Tue, 22 Mar 2016 11:29:09 -0700 (PDT) Date: Tue, 22 Mar 2016 14:29:09 -0400 Message-ID: To: PHP Internals Content-Type: multipart/alternative; boundary=001a1140919aa8de35052ea7639b Subject: [RFC] RFC4648 encoding From: scott@paragonie.com (Scott Arciszewski) --001a1140919aa8de35052ea7639b Content-Type: text/plain; charset=UTF-8 PHP already offers bin2hex()/hex2bin() and base64_encode()/base64_decode(). This covers part, but not all, of RFC 4648. I'd like to extend the coverage to include, at minimum, Base32. I'd also like to make these functions to be written to resist cache-timing attacks (i.e. when used to encode/decode encryption keys for long-term storage). Userland PoC: https://github.com/paragonie/constant_time_encoding http://blog.ircmaxell.com/2014/11/its-all-about-time.html These modifications can either be made in-place (at a negligble cost on the scale of nanoseconds) or they can be an alternative implementation. i.e. * bin2hex_ts() * base64_encode_ts() * base32_encode_ts() Does anyone have any questions or concerns? Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises --001a1140919aa8de35052ea7639b--