Hey internals!

As pointed out in Paragon's excellent blog post,
openssl_public_encrypt() & openssl_private_decrypt() default to the
insecure OPENSSL_PKCS1_PADDING constant.

https://paragonie.com/blog/2016/12/everything-you-know-about-public-key-encryption-in-php-is-wrong#php-openssl-rsa-bad-default

What are your thoughts about deprecating OPENSSL_PKCS1_PADDING and
using OPENSSL_PKCS1_OAEP_PADDING as the new default?

Thanks,
Sammy Kaye Powers
sammyk.me

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
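
The padding argument the message discusses, pinned explicitly on both sides. This is an added example, not code from the post or from PHP itself; the helper names rsa_oaep_encrypt() and rsa_oaep_decrypt() are hypothetical, the key and message are constructed, and the length limit assumes OpenSSL's default OAEP digest (SHA-1, 20 bytes).

```php
<?php
// Added example: hypothetical helpers that never rely on the default padding.

function rsa_oaep_encrypt(string $plaintext, $publicKey): string
{
    // OAEP overhead is 2 * hashLen + 2 bytes; hashLen = 20 assumes the SHA-1 default.
    $keyBytes = intdiv(openssl_pkey_get_details(openssl_pkey_get_public($publicKey))['bits'], 8);
    $max = $keyBytes - 2 * 20 - 2;
    if (strlen($plaintext) > $max) {
        throw new LengthException("plaintext exceeds $max bytes; use hybrid encryption");
    }
    // Omitting the 4th argument selects OPENSSL_PKCS1_PADDING.
    if (!openssl_public_encrypt($plaintext, $ciphertext, $publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA-OAEP encryption failed');
    }
    return $ciphertext;
}

function rsa_oaep_decrypt(string $ciphertext, $privateKey): string
{
    // The receiver must name the same padding; the default would not match.
    if (!openssl_private_decrypt($ciphertext, $plaintext, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA-OAEP decryption failed');
    }
    return $plaintext;
}

// Constructed throwaway key pair and message, generated locally.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($key === false) {
    throw new RuntimeException('key generation failed');
}
$public  = openssl_pkey_get_details($key)['key']; // PEM-encoded public key
$message = 'constructed sample message';

$ciphertext = rsa_oaep_encrypt($message, $public);
var_dump(rsa_oaep_decrypt($ciphertext, $key) === $message);

// Padding mismatch: OAEP ciphertext handed to a PKCS#1 v1.5 decrypt.
// Depending on the OpenSSL version this returns false or unrelated bytes,
// so the message is not recovered either way.
$ok = openssl_private_decrypt($ciphertext, $out, $key, OPENSSL_PKCS1_PADDING);
var_dump($ok && $out === $message);

// Oversized input is rejected before it reaches OpenSSL (214-byte limit at 2048 bits).
try {
    rsa_oaep_encrypt(str_repeat('A', 215), $public);
} catch (LengthException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```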
