On Mon, Dec 12, 2016 at 10:26 AM, Sammy Kaye Powers <m...@sammyk.me> wrote:
> Hey internals!
>
> As pointed out in Paragon's excellent blog post,
> openssl_public_encrypt() & openssl_private_decrypt() default to the
> insecure OPENSSL_PKCS1_PADDING constant.
>
> https://paragonie.com/blog/2016/12/everything-you-know-about-public-key-encryption-in-php-is-wrong#php-openssl-rsa-bad-default
>
> What are your thoughts about deprecating OPENSSL_PKCS1_PADDING and
> using OPENSSL_PKCS1_OAEP_PADDING as the new default?
>
> Thanks,
> Sammy Kaye Powers
> sammyk.me
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php

There was a little bit of discussion here previously.

http://externals.io/thread/442#email-12842

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>
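
Added example, not part of the thread or of PHP's own code: until the default changes, callers can pass the padding constant explicitly on both sides. The wrapper names `rsa_oaep_encrypt()` and `rsa_oaep_decrypt()` are hypothetical, and the key and message are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical wrappers: the padding mode is always passed explicitly,
// so the OPENSSL_PKCS1_PADDING default is never used by accident.
function rsa_oaep_encrypt(string $plaintext, $publicKey): string
{
    if (!openssl_public_encrypt($plaintext, $ciphertext, $publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA-OAEP encryption failed (message too long for the key?)');
    }
    return $ciphertext;
}

function rsa_oaep_decrypt(string $ciphertext, $privateKey): string
{
    if (!openssl_private_decrypt($ciphertext, $plaintext, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        // One generic error for every failure; callers never learn why decoding failed.
        throw new RuntimeException('RSA-OAEP decryption failed');
    }
    return $plaintext;
}

// Constructed throwaway key pair for the demonstration.
$privateKey = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($privateKey === false) {
    throw new RuntimeException('key generation failed; check the OpenSSL configuration');
}
$publicKey = openssl_pkey_get_details($privateKey)['key']; // PEM-encoded public key

$message = 'constructed sample message';

// Round trip with OAEP requested on both sides.
$ciphertext = rsa_oaep_encrypt($message, $publicKey);
var_dump(rsa_oaep_decrypt($ciphertext, $privateKey) === $message);

// Legacy call that omits the padding argument and therefore gets the
// default discussed in the thread. The OAEP-only decrypt wrapper is
// expected to reject its output, which flags callers still on the default.
openssl_public_encrypt($message, $legacyCiphertext, $publicKey);
try {
    rsa_oaep_decrypt($legacyCiphertext, $privateKey);
    echo "legacy ciphertext was accepted\n";
} catch (RuntimeException $e) {
    echo "legacy ciphertext rejected: ", $e->getMessage(), "\n";
}
```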