Hi All
I am sorry if this has been asked before... I have searched the
internals list and also many of the other php lists but couldnt find
any conclusive answer.
The question is, are there any plans to include integrated encryption
routines in the php core?
At the moment the optional mcrypt library is needed and this is often
not installed so a fall back is needed were the routines are written
in pure php.
Since the mcrypt library is released under the GPL and php under the
php 3.0 licence I guess the option to integrate the solutions isnt
available so the other option would be for php to include their own
encryption routines.
Is this planned or is this even an option?
Also as you can imagine trying to do asymmetrical encryption in pure
php isnt very efficient so if the above is planned would it at the
same time be possible to include so kind of asymmetrical routine such
as diffie-hellman or the like?
Many thanks for any response.
Regards
Mark
Since the mcrypt library is released under the GPL and php under the
php 3.0 licence I guess the option to integrate the solutions isnt
available so the other option would be for php to include their own
encryption routines.
libmcrypt is LGPL, not GPL - which allows it to bundled it with PHP.
Is this planned or is this even an option?
This is definitely not planned - we rather not bundle any library, and
definitely not an LGPL library.
Reinventing the wheel by providing encryption routines in PHP does not
make sense really. PHP is meant to be a glue to provide access to
libraries, and not meant to be reimplementing them.
regards,
Derick
--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org
(earlier message, sending to list)
Derick Rethans wrote:
This is definitely not planned - we rather not bundle any library, and
definitely not an LGPL library.Reinventing the wheel by providing encryption routines in PHP does not
make sense really. PHP is meant to be a glue to provide access to
libraries, and not meant to be reimplementing them.
The issue in my mind is one of portability. It would be nice, as a
developer working in PHP, to be able to rely on functionality like
encryption (and other unrelated goodies) being available on Joe User's
$5/month webhost who don't go around installing fancy packages.
The issue in my mind is one of portability. It would be nice, as a
developer working in PHP, to be able to rely on functionality like
encryption (and other unrelated goodies) being available on Joe User's
$5/month webhost who don't go around installing fancy packages.
We know. However, right now encryption does rise to that level for
us.
First, this attitude isn't scalable. (i.e. should PHP bundle
everything? libxml2? MySQL? where is the line?)
Second, the whole point of libaries is that you shouldn't need to
bundle them with every package. We would prefer education instead of
working around the problem.
Third, there are all sorts of nasty export restrictions in some
countries w/r/t crypto and I don't want to get involved with that.
We've hashed this type of issue over many times. I can assure you, we
won't bundle crypt at this time. It's not worth debating,
really. Please don't continue asking as it will only annoy
people. Honestly. :)
-adam
--
adam@trachtenberg.com | http://www.trachtenberg.com
author of o'reilly's "upgrading to php 5" and "php cookbook"
avoid the holiday rush, buy your copies today!