As per the conversation on this Pull Request
https://github.com/php/php-src/pull/909#issuecomment-71077928

What functions are involved in real world PHP applications (frameworks,
popular CMSes, etc.) that operate on encoded encryption keys that might
benefit from having a timing-safe implementation?

So far, I can identify:

- bin2hex()
- hex2bin()
- base64_encode()
- base64_decode()
- json_encode()
- json_decode()
- parse_ini_file()

I think it would be great to compile a master list of which functions are
commonly used to store long-term encryption keys (random bytes that could
cause parse errors).

Also, would it be better to use a prefix (e.g. ts_*), a class with static
methods (e.g. TimingSafe::bin2hex()), or functions in a namespace (e.g.
\TimingSafe\bin2hex())?

Scott

P.S. At this point, I'm also withdrawing my participation from this
discussion. If you don't think it's worthwhile to fix this, that's your
decision. I've had some major life events happen and I no longer have time
to debate this. Thanks for understanding.
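
An added example, not part of the original message and not code from php-src: one way a timing-safe hex encoder and decoder can be written in C so that no branch or table index depends on the key bytes. The names `ts_bin2hex` and `ts_hex2bin` are hypothetical (borrowing the `ts_` prefix floated above), and the code assumes the compiler does not reintroduce data-dependent branches.

```c
#include <stddef.h>
#include <stdint.h>

/* Map a nibble (0..15) to lowercase hex using arithmetic only. */
static char nibble_to_hex(uint32_t n)
{
    /* (9 - n) wraps for n > 9, so the mask adds 39 ('a' - '0' - 10). */
    return (char)(n + 48 + (((9 - n) >> 8) & 39));
}

/* out must hold 2 * len + 1 bytes. */
void ts_bin2hex(char *out, const uint8_t *in, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = nibble_to_hex(in[i] >> 4);
        out[2 * i + 1] = nibble_to_hex(in[i] & 0x0f);
    }
    out[2 * len] = '\0';
}

/* Decode one hex digit; sets bit 0 of *bad if c is not [0-9A-Fa-f]. */
static uint32_t hex_to_nibble(uint32_t c, uint32_t *bad)
{
    uint32_t d = c ^ 0x30;              /* '0'..'9' -> 0..9 */
    uint32_t is_d = (d - 10) >> 31;     /* 1 when d < 10 */
    uint32_t a = (c & ~0x20u) - 55;     /* 'A'..'F', 'a'..'f' -> 10..15 */
    uint32_t is_a = ((a - 16) >> 31) & ~((a - 10) >> 31);
    *bad |= 1u ^ (is_d | is_a);
    return (d & (0u - is_d)) | (a & (0u - is_a));
}

/* Returns 0 on success, -1 on odd length or any non-hex character.
 * Every character is processed before the result is reported. */
int ts_hex2bin(uint8_t *out, const char *hex, size_t hex_len)
{
    uint32_t bad = 0;
    if (hex_len & 1) return -1;         /* length is not secret */
    for (size_t i = 0; i < hex_len; i += 2) {
        uint32_t hi = hex_to_nibble((uint8_t)hex[i], &bad);
        uint32_t lo = hex_to_nibble((uint8_t)hex[i + 1], &bad);
        out[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return bad ? -1 : 0;
}
```
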
