Hi Scott, questions inline.
> On 07 Jan 2016, at 14:26, Scott Arciszewski <sc...@paragonie.com> wrote: > > I've updated the RFC to make libsodium a core PHP extension in 7.1, to > include references to the online documentation. > > https://wiki.php.net/rfc/libsodium I know this is made difficult by the fact that this is an existing, stable PECL extension, which also supports older PHP versions but I don’t think it’s a good idea to introduce more functions that duplicate things handled already in core (I don’t mean in ext-openssl as lib sodium would be an alternative to that extension). I’d rather see less duplication, not more. From a quick glance the following functions seems to be already covered: \Sodium\memcmp \Sodium\bin2hex \Sodium\hex2bin \Sodium\randombytes_buf \Sodium\randombytes_uniform \Sodium\randombytes_random16 If their implementation is better than the core implementation, core should be fixed. Do the hashing functions have any advantage over those provided by ext-hash? There are also a couple of other functions whose value I’d question, I’ll send an email about those later. > This is part of an overall effort to improve PHP's cryptography; up > next will be the pluggable crypto API that supports multiple backends > (with a scope limited to openssl and libsodium at the time of release) > but always provide conservative defaults. A more general question: I haven’t looked at your prototype for a higher level API yet, but I’m wondering if it’s still necessary to introduce another low level API? When would I choose to use the latter? Best regards Rouven -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
