Hi! > PHP already offers bin2hex()/hex2bin() and base64_encode()/base64_decode(). > This covers part, but not all, of RFC 4648. > > I'd like to extend the coverage to include, at minimum, Base32.
What's the use case for it? Is anybody using base32 now? > I'd also like to make these functions to be written to resist cache-timing > attacks (i.e. when used to encode/decode encryption keys for long-term > storage). Userland PoC: https://github.com/paragonie/constant_time_encoding > These modifications can either be made in-place (at a negligble cost on the > scale of nanoseconds) or they can be an alternative implementation. i.e. What modification needs to be done for existing one? Since encoding functions (unlike comparison ones) have to process every bit anyway, so what are timing differences for e.g. base64? Is there any existing research for this? > > * bin2hex_ts() > * base64_encode_ts() > * base32_encode_ts() If you have encode functions, you should have decode too? Otherwise, you'd have the same issue every time the key is read. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
