Hi Internals Team,

I'm sure everyone is really focused on (and excited for) PHP 7.0.0 later this
year, and many of you might not want to discuss what 7.1.x looks like yet.

The current state of cryptography in PHP is, well, abysmal. Our two main
choices for handling symmetric cryptography are libmcrypt (collecting dust
since 2007) and openssl, which lacks a streaming API (e.g. mcrypt_generic)
and GCM support.

While mcrypt is slowly decomposing in the corner and code is being
desperately migrated towards openssl in case a critical vulnerability is
discovered in the abandonware choice, the libsodium extension has been
growing steadily. Thanks to Remi, it should soon be compatible with both
PHP 5.x and 7.x (decided at compile-time). The libsodium library itself has
landed in Debian 8 and Ubuntu 15.04 and adoption is expected to persist by
the time the next Ubuntu LTS is released.

I think now is a good time to talk about the possibility of making
libsodium a core PHP extension, depending on where things are when we near
the 7.1 feature freeze.

I've just opened an RFC for precisely this purpose:
https://wiki.php.net/rfc/libsodium

Regards,

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>
