Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:93803 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 65817 invoked from network); 5 Jun 2016 08:31:14 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Jun 2016 08:31:14 -0000 Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain paragonie.com designates 209.85.218.42 as permitted sender) X-PHP-List-Original-Sender: scott@paragonie.com X-Host-Fingerprint: 209.85.218.42 mail-oi0-f42.google.com Received: from [209.85.218.42] ([209.85.218.42:36571] helo=mail-oi0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 1E/02-55579-153E3575 for ; Sun, 05 Jun 2016 04:31:13 -0400 Received: by mail-oi0-f42.google.com with SMTP id j1so185822224oih.3 for ; Sun, 05 Jun 2016 01:31:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paragonie-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=GEtnbmEabHSAYdjgaYrjxzvJtmiI9D54sY0h8PbRb7Q=; b=zENtSgW/qu5tGd2V/oXGTlDB4+TQgC0msBwa8sXc9Ntk72DZeAxpaoPjDvNU1LjUwN 7UTcAmbBNcw+NliqEabq192ZhoG0iHzCj68QmQ+bcNQcMRZrUatfx5mj/jChUaVqpgEU AK3YhjmsdV2VI2Qs8s8KMENaUMmFmjHOVQB9y5yU9QZ6dUnQvLjOfua06yw85F5Su0Y8 rlCgUZcboJz2JU9Bn982I+ZWYJamtL04ijgUvRhnIu8KsweMyjMnaZgnZp8UPYKTzaxT EM1g63DvDQB8/HiI2NZUsEEwsv6szVHcQWhWHUPjHO5iZFqJdJUcCF4a5jsM0zy+f8Hf 7thA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=GEtnbmEabHSAYdjgaYrjxzvJtmiI9D54sY0h8PbRb7Q=; b=QNmcimId6EeG0ByXXYSkIErutNeGTZ5dcK0ErAhGHcwIURnbpNUz8amTqF4z3fOCTn VWBxc4Dr+BSb6B/yu6dqSqba8Lvh+H5rdOcTSRQj9NTqaZDgMdhoiNR2c3ibPlIodxer aoQRlCyNmjPuaLtEh877MXKNCiV5sSel8kv4yZuloR4gJYgrJes6BpB5P+yc+Fv5Uc6e 53iGCWJPyDbuELCVkvyu8wDJowOdV1/WZWPfEC13Kk7Fl7EC7SviUCFioyJ0EVX2RBjl eTAJBY5TB2sIwf3Sb6e0i0E1VJ0sV/PaVGzUJzwGehRqgGAzHC5Zy7xnNbutVESsbzTs pJZQ== X-Gm-Message-State: ALyK8tJl7dPPhZ6URvtM+CvaUMgRQpZasRL/9Wr7fEJsfHarNwDkd6e0bDqIU0PKA1IixZedjdOcTNJNrHbhPw== MIME-Version: 1.0 X-Received: by 10.157.14.131 with SMTP id 3mr5359829otj.83.1465115470545; Sun, 05 Jun 2016 01:31:10 -0700 (PDT) Received: by 10.157.26.106 with HTTP; Sun, 5 Jun 2016 01:31:10 -0700 (PDT) In-Reply-To: References: Date: Sun, 5 Jun 2016 04:31:10 -0400 Message-ID: To: Pierre Joye Cc: PHP Internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] [RFC] Libsodium - Discussion From: scott@paragonie.com (Scott Arciszewski) Hi Pierre, On Thu, Jun 2, 2016 at 10:30 AM, Pierre Joye wrote: > hi Scott, > > On Wed, Jun 1, 2016 at 2:49 PM, Scott Arciszewski wrote: >> Hi PHP Internals Team, >> >> Let's begin discussing the prospect of adding libsodium as a core extension >> in PHP 7.1. I've updated the RFC to explain why this would be a good idea >> and the benefits it offers. >> >> https://wiki.php.net/rfc/libsodium >> >> If the subsequent discussion goes smoothly, I would like to open voting on >> June 15. >> >> Together, let's make PHP cryptography so safe that it becomes boring. > > Good work and very good choice for the backend library. > > I am overall in favor of having this extension in the core. However a > couple of things are sub optimal or not ideal (in no special order): > > > - \Sodium\library_version_major() \Sodium\library_version_minor() and > \Sodium\version_string() should be constants I agree. > For \Sodium\version_string(), the name is not consistent as it refers > to the library version not the extension version ("Returns a string > identifier of the current version of the sodium library installed.") > (edit: used would better represent what is actually happening) > > > - memzero, memcmp, hex2bin > > I am not totally convinced that memzero and maybe memcmp names are > good nor they should be there. Both would be very useful as operator > on variables. Given the simplicity of the implementations, it could be > very useful in many other areas in case this ext is not installed IMO: memzero is fine; memcmp isn't that great. For what it's worth, we have hash_equals() already. > For hex2bin, the optional parameter could be added to the existing > functions. As this function does not require crypto safe > implementation (and does not need from an implementation), we should > have them as part of the engine instead. We should seriously just make bin2hex, hex2bin, base64_encode, and base64_decode constant-time now so we don't have to worry later when some clever CS post-doc find a way to exfiltrate crypto keys through cache misses. That calls for a separate RFC, but there's no salient argument against this change. > - buf and other abbreviations should be better. I think we had a > discussion some time ago about how to provide interfaces for non C > developers. No argument there. > - compare should be string_compare, or it could be confusing about > what it can compare, especially in code review while checking crypt > code, where many other types come into the game This is an excellent point. > > Cheers, > -- > Pierre > > @pierrejoye | http://www.libgd.org Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises