To be honest, I've thought about it today and think that it could be great!
:) I'd love to help if it's possible in any way I can :)

On Thu, Sep 20, 2012 at 5:48 PM, Chad Emrys <ad...@codeangel.org> wrote:

> Hello,
>
> I was wondering how difficult it would be to add access to a standard
> authenticated encryption mode in openssl. I was looking and trying to
> figure out how to do this in PHP; it seems you have to do it the
> old-fashioned way that's way too prone to error, basically encrypt and MAC
> yourself. This has been shown to be really easy to mess up, but now we have
> standards such as GCM, CCM, and EAX. GCM seems to be the popular choice
> since it's the fastest, unencumbered by patents, and adopted by NIST.
> (Also, I personally like GCM, because that's also what the JCE went with and
> I have interest in using encryption between Java and PHP.) It seems the
> openssl lib in C does have support for GCM, so I was wondering how difficult
> it would be to offer such cipher options in PHP's openssl functions, such as
> "aes-128-gcm" etc. Possibly throwing an error when the tag fails (or
> maybe something better, since if the user has display errors on, there have
> been known attacks letting an attacker know if the tag failed vs. other
> reasons decryption failed).
>
> Chad
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
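
As an added example (not part of the original thread and not code from the PHP project): a sketch of the usage the message asks for, written against the tag-aware `openssl_encrypt()` / `openssl_decrypt()` signatures available in PHP 7.1 and later. The names `gcm_seal` and `gcm_open`, the `iv || tag || ciphertext` layout, and the sample inputs are assumptions of this example; every failure cause is reported identically, which is the concern raised about tag errors.

```php
<?php
declare(strict_types=1);
// Added example: AES-128-GCM through ext/openssl (PHP >= 7.1).
const GCM_IV_LEN  = 12; // 96-bit nonce
const GCM_TAG_LEN = 16; // full 128-bit tag

function gcm_seal(string $key, string $plaintext, string $aad = ''): string
{
    $iv  = random_bytes(GCM_IV_LEN); // must never repeat under the same key
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-128-gcm', $key,
                           OPENSSL_RAW_DATA, $iv, $tag, $aad, GCM_TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $tag . $ct; // layout chosen for this example
}

function gcm_open(string $key, string $message, string $aad = ''): string
{
    // Truncated input, a modified ciphertext/tag/AAD and a wrong key all end
    // in the same exception, so the caller cannot tell the causes apart.
    $pt = false;
    if (strlen($message) >= GCM_IV_LEN + GCM_TAG_LEN) {
        $iv  = substr($message, 0, GCM_IV_LEN);
        $tag = substr($message, GCM_IV_LEN, GCM_TAG_LEN);
        $ct  = substr($message, GCM_IV_LEN + GCM_TAG_LEN);
        $pt  = openssl_decrypt($ct, 'aes-128-gcm', $key,
                               OPENSSL_RAW_DATA, $iv, $tag, $aad);
    }
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Constructed sample data for the demonstration.
$key = random_bytes(16);
$msg = gcm_seal($key, 'constructed sample message', 'header-v1');
echo gcm_open($key, $msg, 'header-v1'), "\n";

$bad = $msg;
$bad[-1] = chr(ord($bad[-1]) ^ 1); // flip one ciphertext bit
$cases = [[$key, $bad, 'header-v1'], [$key, $msg, 'header-v2'],
          [random_bytes(16), $msg, 'header-v1'], [$key, 'short', '']];
foreach ($cases as [$k, $m, $a]) {
    try { gcm_open($k, $m, $a); echo "unexpected success\n"; }
    catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
}
```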
