I'm of the opinion, this: On 26 November 2014 at 19:45, Anthony Ferrara <ircmax...@gmail.com> wrote: > > The two mcrypt functions, IMHO **MUST** be made timing safe, no matter > what, since they **always** deal with sensitive information. >
Extended to any crypto functions too. But for everything else, this: On 26 November 2014 at 20:45, Korvin Szanto <korvinsza...@gmail.com> wrote: > I don't like the idea of any mandatory slow down, trivial or not. This > should be opt in. And by opt-in, my preference would be ts_* via pecl. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
