Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:91964
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: pass (pb1.pair.com: domain myrasecurity.com designates 185.85.3.44 as permitted sender)
Date: Sun, 27 Mar 2016 03:55:10 +0200 (CEST)
To: Stanislav Malyshev <smalyshev@gmail.com>, 
	PHP Internals <internals@lists.php.net>, 
	Scott Arciszewski <scott@paragonie.com>
Message-ID: <105488689.506.427e4c07-ed66-4bbb-aea2-097c92d2538e.open-xchange@myra232.schumann.net>
In-Reply-To: <56F7398A.5050002@gmail.com>
References: <CAKws9z1bY=nLo=K8D9OQ_K0yhfNE-5SAEaDgyZnM34P3v8im9g@mail.gmail.com>
 <56F7398A.5050002@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Importance: Medium
Subject: Re: [PHP-DEV] [RFC] RFC4648 encoding
From: sascha.schumann@myrasecurity.com (Sascha Schumann)

> > PHP already offers bin2hex()/hex2bin() and base64_encode()/base64_decode().
> > This covers part, but not all, of RFC 4648.
> > 
> > I'd like to extend the coverage to include, at minimum, Base32.
> 
> What's the use case for it? Is anybody using base32 now?

I'd have a few times if the functionality had been easily available.

Please make this a single call:

str_convert_base($in, $old_base, $new_base);

"str_" because it applies in most cases to stuff not representable as a PHP
float/int.

> > I'd also like to make these functions to be written to resist cache-timing
> > attacks (i.e. when used to encode/decode encryption keys for long-term

As this requires slowing things down, this should be an extra, optional feature.
Either to the relevant functions, or more likely globally, as it does not make
much sense on a per-function level.

Sascha