On Thu, Jan 7, 2016 at 10:54 AM, Scott Arciszewski <sc...@paragonie.com> wrote:
> On Thu, Jan 7, 2016 at 10:52 AM, Rouven Weßling <m...@rouvenwessling.de>
> wrote:
>> Hi Scott,
>>
>> questions inline.
>>
>>> On 07 Jan 2016, at 14:26, Scott Arciszewski <sc...@paragonie.com> wrote:
>>>
>>> I've updated the RFC to make libsodium a core PHP extension in 7.1, to
>>> include references to the online documentation.
>>>
>>> https://wiki.php.net/rfc/libsodium
>>
>> I know this is made difficult by the fact that this is an existing, stable
>> PECL extension, which also supports older PHP versions, but I don’t think
>> it’s a good idea to introduce more functions that duplicate things handled
>> already in core (I don’t mean in ext-openssl, as libsodium would be an
>> alternative to that extension). I’d rather see less duplication, not more.
>>
>> From a quick glance the following functions seem to be already covered:
>> \Sodium\memcmp
>> \Sodium\bin2hex
>> \Sodium\hex2bin
>> \Sodium\randombytes_buf
>> \Sodium\randombytes_uniform
>> \Sodium\randombytes_random16
>>
>> If their implementation is better than the core implementation, core should
>> be fixed.
>>
>> Do the hashing functions have any advantage over those provided by ext-hash?
>>
>> There are also a couple of other functions whose value I’d question; I’ll
>> send an email about those later.
>>
>>> This is part of an overall effort to improve PHP's cryptography; up
>>> next will be the pluggable crypto API that supports multiple backends
>>> (with a scope limited to openssl and libsodium at the time of release)
>>> but always provide conservative defaults.
>>
>> A more general question: I haven’t looked at your prototype for a higher
>> level API yet, but I’m wondering if it’s still necessary to introduce
>> another low level API? When would I choose to use the latter?
>>
>> Best regards
>> Rouven
>
> The high-level API ties the user's hands and doesn't give them direct
> access to primitives. You can't use it for AES-256-ECB, you can only
> use it for AES-256-CTR+HMAC-SHA-384, with an encoded and
> version-tagged output, for example.
>
> You still need ext/libsodium if you need to use any of its features
> directly, such as \Sodium\memzero().
>
> Scott Arciszewski
> Chief Development Officer
> Paragon Initiative Enterprises <https://paragonie.com>

To clarify: You can swap out AES-256 for AES-192, or SHA-384 for SHA-256, etc. You cannot swap out the protocol construction for anything other than Encrypt then MAC.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
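As an added illustration of the construction described in the thread (AES-256-CTR with HMAC-SHA-384 in Encrypt-then-MAC form over an encoded, version-tagged message), built only on ext/openssl and ext/hash; this is example code written for this page, not Scott's prototype API or any PHP project's code, and the function names, key-derivation labels and the 4-byte version header are assumptions.

```php
<?php
// Constructed example: hypothetical names and a made-up 4-byte version header.
const VERSION_TAG = "\x01\x00\x00\x00";
const TAG_LEN     = 4;
const IV_LEN      = 16;              // AES block size; the CTR counter block
const CIPHER      = 'aes-256-ctr';
const MAC_ALGO    = 'sha384';
const MAC_LEN     = 48;              // raw HMAC-SHA-384 output length

// Derive separate encryption and authentication keys from one master key,
// so the key used for AES is never the key used for the HMAC.
function deriveKeys(string $masterKey): array {
    $encKey = substr(hash_hmac(MAC_ALGO, 'encryption', $masterKey, true), 0, 32);
    $macKey = hash_hmac(MAC_ALGO, 'authentication', $masterKey, true);
    return [$encKey, $macKey];
}

function encryptThenMac(string $plaintext, string $masterKey): string {
    list($encKey, $macKey) = deriveKeys($masterKey);
    $iv = random_bytes(IV_LEN);
    $ciphertext = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) { throw new RuntimeException('encryption failed'); }
    // Encrypt-then-MAC: the tag covers the version header, IV and ciphertext.
    $message = VERSION_TAG . $iv . $ciphertext;
    $mac = hash_hmac(MAC_ALGO, $message, $macKey, true);
    return base64_encode($message . $mac);
}

function verifyThenDecrypt(string $encoded, string $masterKey): string {
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) < TAG_LEN + IV_LEN + MAC_LEN) { throw new RuntimeException('malformed message'); }
    if (!hash_equals(VERSION_TAG, substr($raw, 0, TAG_LEN))) { throw new RuntimeException('unsupported version'); }
    list($encKey, $macKey) = deriveKeys($masterKey);
    $message = substr($raw, 0, -MAC_LEN);
    // Verify the tag in constant time before touching the ciphertext.
    $expected = hash_hmac(MAC_ALGO, $message, $macKey, true);
    if (!hash_equals($expected, substr($raw, -MAC_LEN))) { throw new RuntimeException('authentication failed'); }
    $iv = substr($message, TAG_LEN, IV_LEN);
    $plaintext = openssl_decrypt(substr($message, TAG_LEN + IV_LEN), CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($plaintext === false) { throw new RuntimeException('decryption failed'); }
    return $plaintext;
}

$key = random_bytes(32);
var_dump(verifyThenDecrypt(encryptThenMac('hello', $key), $key) === 'hello');
```

Because the version header is part of the authenticated message, a receiver can reject an unknown version before it ever attempts decryption, which is what makes the output "version-tagged" in the sense used above.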