Hi Scott, On Wed, Mar 23, 2016 at 3:29 AM, Scott Arciszewski <sc...@paragonie.com> wrote: > PHP already offers bin2hex()/hex2bin() and base64_encode()/base64_decode(). > This covers part, but not all, of RFC 4648. > > I'd like to extend the coverage to include, at minimum, Base32. > > I'd also like to make these functions to be written to resist cache-timing > attacks (i.e. when used to encode/decode encryption keys for long-term > storage). Userland PoC: https://github.com/paragonie/constant_time_encoding > > http://blog.ircmaxell.com/2014/11/its-all-about-time.html > > These modifications can either be made in-place (at a negligble cost on the > scale of nanoseconds) or they can be an alternative implementation. i.e. > > * bin2hex_ts() > * base64_encode_ts() > * base32_encode_ts() > > Does anyone have any questions or concerns?
Sounds good to me and I would like to see these in next release. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
