On Tue, Aug 4, 2015 at 11:50 AM, Pierre Joye <pierre....@gmail.com> wrote:
> On Tue, Aug 4, 2015 at 3:54 AM, Scott Arciszewski <sc...@paragonie.com> wrote:
>> Hi,
>>
>> I would like to make it easier for PHP developers to implement
>> cryptography features in their applications. I intend to work on some
>> of these ideas and submit them for inclusion in PHP 7.1.
>
> Awesome and long due work :)
>
>> Some of these might be familiar to some of you.
>>
>> 1. Pluggable Cryptography Frontend
>>
>> Work is currently underway for a PHP prototype for this idea
>> originally suggested by ircmaxell, that will basically be like PDO for
>> cryptography. Our current project name, subject to change, is PHP
>> Crypto Objects (PCO).
>>
>> The idea is that you could write code like this to add secure
>> authenticated encryption to your application without having to worry
>> about the details.
>>
>> $AES = new \PCO\Symmetric('openssl:cipher=AES-128');
>> $ciphertext = $AES->encrypt($plaintext, $someKey);
>>
>> $PKC = new \PCO\Asymmetric('libsodium');
>> $offlineDecryptable = $PKC->seal($plaintext, $someX25519PublicKey);
>>
>> When it's finished, I'd like to turn it into a PECL extension so users
>> can play with it in PHP 7.0 and submit it for inclusion in 7.1.
>
> I like the idea of a common API for all possible supported backend. I
> am however really convinced about the one proposed here. That's
> something we will need to really design well and userfriendly.
>
>> 2. Cache-timing-safe character encoding functions
>>
>> Alternatives for existing functions that should function like their
>> unsafe counterparts, but without branches or data-based index lookups.
>>
>> * hex2bin() -> hex2bin_ts()
>> * bin2hex() -> bin2hex_ts()
>> * base64_encode() -> base64_encode_ts()
>> * base64_decode() -> base64_decode_ts()
>
> For most functions I would prefer an option.
>
>
> --
> Pierre
>
> @pierrejoye | http://www.libgd.org
This isn't a replacement, they're alternatives. -> means related to in
this case, not "becomes" :)
Or do you mean to add a parameter to the existing functions to make
them constant time?
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
