Hi Scott,
I'm clearly very late to this party but, fwiw, ...
First: Great! Thank you. This is really needed. Chapeau!
Yes, a pluggable back-end is important. OSS crypto libs have some unhappy
history and it only makes sense to expect more.
When I reviewed cryptography.io, I really liked how the
> Am 05.08.2015 um 04:57 schrieb Pierre Joye :
>
> On Wed, Aug 5, 2015 at 3:40 AM, Bob Weinand wrote:
>>
>>> Am 3.8.2015 um 22:54 schrieb Scott Arciszewski :
>>>
>>> Hi,
>>>
>>> I would like to make it easier for PHP developers to implement
>>> cryptography features in their applications. I in
On Aug 5, 2015 9:17 AM, "Anthony Ferrara" wrote:
>
> All,
>
> > How about Anthony Ferrara (a board member for the
> > Password Hashing Contest)?
>
> For the record, my only involvement with the PHC is as a passive
> observer. I am not on the board nor have I been actively involved.
>
> Anthony
Y
All,
> How about Anthony Ferrara (a board member for the
> Password Hashing Contest)?
For the record, my only involvement with the PHC is as a passive
observer. I am not on the board nor have I been actively involved.
Anthony
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscr
On Mon, 3 Aug 2015 at 21:54 Scott Arciszewski wrote:
> Hi,
>
> I would like to make it easier for PHP developers to implement
> cryptography features in their applications. I intend to work on some
> of these ideas and submit them for inclusion in PHP 7.1.
>
> Some of these might be familiar to s
>
> So my question here is - how important task is switching crypto backends
> easily? Moreover, what would be the reason for me, as an app developer,
> to target more than one crypto backend? I can see why I may want to
> target mysql and say, SQL server - these two platforms have different
> adva
On Wed, Aug 5, 2015 at 3:40 AM, Bob Weinand wrote:
>
>> Am 3.8.2015 um 22:54 schrieb Scott Arciszewski :
>>
>> Hi,
>>
>> I would like to make it easier for PHP developers to implement
>> cryptography features in their applications. I intend to work on some
>> of these ideas and submit them for inc
On Wed, Aug 5, 2015 at 2:22 AM, Scott Arciszewski wrote:
> This isn't a replacement, they're alternatives. -> means related to in
> this case, not "becomes" :)
>
> Or do you mean to add a parameter to the existing functions to make
> them constant time?
Yes, when it makes sense (for most it may)
On Tue, Aug 4, 2015 at 10:18 PM, Scott Arciszewski wrote:
> On Tue, Aug 4, 2015 at 8:55 PM, Stanislav Malyshev
> wrote:
>> Hi!
>>
>>> The idea here isn't too far removed from what PDO does versus mysql_*,
>>> mssql_*, pgsql_*, etc. except it's probably more critical: Switch
>>> crypto backends w
On Tue, Aug 4, 2015 at 8:55 PM, Stanislav Malyshev wrote:
> Hi!
>
>> The idea here isn't too far removed from what PDO does versus mysql_*,
>> mssql_*, pgsql_*, etc. except it's probably more critical: Switch
>> crypto backends with almost zero refactoring; just change your
>> constructor.
>
> So
Hi!
> The idea here isn't too far removed from what PDO does versus mysql_*,
> mssql_*, pgsql_*, etc. except it's probably more critical: Switch
> crypto backends with almost zero refactoring; just change your
> constructor.
So my question here is - how important task is switching crypto backends
Hi!
> of the storage formats. Similar to the headers used by TLS and other
> formats. That way anyone can build to the specification, which would
> be maintained along side the implementation.
I'm not a big fan of the idea that to talk to the PHP script, I will
have now to have yet another set of
Hi!
> We're still discussing the DSN string for the constructor. These are
> what the options look like, currently:
I think it's better to separate the arguments. I understand why PDO
makes such strings - there can be all kinds of options, and it's hard to
configure - i.e. in ini files - if it's
> Am 3.8.2015 um 22:54 schrieb Scott Arciszewski :
>
> Hi,
>
> I would like to make it easier for PHP developers to implement
> cryptography features in their applications. I intend to work on some
> of these ideas and submit them for inclusion in PHP 7.1.
>
> Some of these might be familiar to
On Tue, Aug 4, 2015 at 11:50 AM, Pierre Joye wrote:
> On Tue, Aug 4, 2015 at 3:54 AM, Scott Arciszewski wrote:
>> Hi,
>>
>> I would like to make it easier for PHP developers to implement
>> cryptography features in their applications. I intend to work on some
>> of these ideas and submit them for
On Tue, Aug 4, 2015 at 2:23 PM, Stanislav Malyshev wrote:
>> * Adding streaming encryption/decryption support to OpenSSL
>
> Hm... Implementing streaming cyphers right is not trivial, and if we'd
> be doing our own crypto (as opposed to providing API to existing
> libraries) we need a real lot of
On Tue, Aug 4, 2015 at 3:54 AM, Scott Arciszewski wrote:
> Hi,
>
> I would like to make it easier for PHP developers to implement
> cryptography features in their applications. I intend to work on some
> of these ideas and submit them for inclusion in PHP 7.1.
Awesome and long due work :)
> Some
Hi Anthony,
Am 04.08.2015 um 15:25 schrieb Anthony Ferrara:
> Lauri,
>
> On Tue, Aug 4, 2015 at 9:12 AM, Lauri Kenttä wrote:
>> On 2015-08-04 14:54, Scott Arciszewski wrote:
>>>
>>> we do not allow secure modes
>>
>> I hope that was a typo... ;)
>
> Indeed, it was not.
>
> If you want to build
On Tue, Aug 4, 2015 at 2:13 PM, Scott Arciszewski
wrote:
> On Tue, Aug 4, 2015 at 8:57 AM, Jakub Zelenka wrote:
> > Hi,
> >
> > On Mon, Aug 3, 2015 at 9:54 PM, Scott Arciszewski
> > wrote:
> >>
> >> Hi,
> >>
> >> I would like to make it easier for PHP developers to implement
> >> cryptography f
Lauri,
On Tue, Aug 4, 2015 at 9:12 AM, Lauri Kenttä wrote:
> On 2015-08-04 14:54, Scott Arciszewski wrote:
>>
>> we do not allow secure modes
>
>
> I hope that was a typo... ;)
Indeed, it was not.
The concept for this (I've been working with Scott on it) is that this
should be a high-level abst
On Tue, Aug 4, 2015 at 8:57 AM, Jakub Zelenka wrote:
> Hi,
>
> On Mon, Aug 3, 2015 at 9:54 PM, Scott Arciszewski
> wrote:
>>
>> Hi,
>>
>> I would like to make it easier for PHP developers to implement
>> cryptography features in their applications. I intend to work on some
>> of these ideas and s
On 2015-08-04 14:54, Scott Arciszewski wrote:
we do not allow secure modes
I hope that was a typo... ;)
On 2015-08-04 14:54, Scott Arciszewski wrote:
Version and configuration information (not what is passed, but what is
used) will be stored in the first few bytes of ciphertext output.
Will
Hi,
On Mon, Aug 3, 2015 at 9:54 PM, Scott Arciszewski
wrote:
> Hi,
>
> I would like to make it easier for PHP developers to implement
> cryptography features in their applications. I intend to work on some
> of these ideas and submit them for inclusion in PHP 7.1.
>
> Some of these might be fami
>
> >> Hi Peter,
> >>
> >> It's not really a "made-up string format", in the sense that it has a
> >> precedent (PDO).
> >>
> >
> > True, and that format sucks royally. It trips people up.
> >
> > Combining several arguments into one string is bad design. If it was good
> > design, you'd see userla
On Tue, Aug 4, 2015 at 8:06 AM, Peter Lind wrote:
> On 4 August 2015 at 13:56, Scott Arciszewski wrote:
>>
>>
>> Hi Peter,
>>
>> It's not really a "made-up string format", in the sense that it has a
>> precedent (PDO).
>>
>
> True, and that format sucks royally. It trips people up.
>
> Combining
On 4 August 2015 at 13:56, Scott Arciszewski wrote:
>
> Hi Peter,
>
> It's not really a "made-up string format", in the sense that it has a
> precedent (PDO).
>
>
True, and that format sucks royally. It trips people up.
Combining several arguments into one string is bad design. If it was good
de
On Tue, Aug 4, 2015 at 4:26 AM, Peter Lind wrote:
> On 4 August 2015 at 10:13, Lauri Kenttä wrote:
>>
>> On 2015-08-03 23:54, Scott Arciszewski wrote:
>>>
>>> $AES = new \PCO\Symmetric('openssl:cipher=AES-128');
>>
>>
>> It would be great if you could just ask for cipher=AES-128 without
>> ex
On Tue, Aug 4, 2015 at 4:13 AM, Lauri Kenttä wrote:
> On 2015-08-03 23:54, Scott Arciszewski wrote:
>>
>> $AES = new \PCO\Symmetric('openssl:cipher=AES-128');
>
>
> It would be great if you could just ask for cipher=AES-128 without
> explicitly specifying the provider (openssl).
>
> --
> Lauri
On Tue, Aug 4, 2015 at 3:23 AM, Stanislav Malyshev wrote:
> Hi!
>
>> 1. Pluggable Cryptography Frontend
>>
>> Work is currently underway for a PHP prototype for this idea
>> originally suggested by ircmaxell, that will basically be like PDO for
>> cryptography. Our current project name, subject to
On 4 August 2015 at 10:13, Lauri Kenttä wrote:
> On 2015-08-03 23:54, Scott Arciszewski wrote:
>
>> $AES = new \PCO\Symmetric('openssl:cipher=AES-128');
>>
>
> It would be great if you could just ask for cipher=AES-128 without
> explicitly specifying the provider (openssl).
>
>
Even better wo
On 2015-08-03 23:54, Scott Arciszewski wrote:
$AES = new \PCO\Symmetric('openssl:cipher=AES-128');
It would be great if you could just ask for cipher=AES-128 without
explicitly specifying the provider (openssl).
--
Lauri Kenttä
--
PHP Internals - PHP Runtime Development Mailing List
To
Hi!
> 1. Pluggable Cryptography Frontend
>
> Work is currently underway for a PHP prototype for this idea
> originally suggested by ircmaxell, that will basically be like PDO for
> cryptography. Our current project name, subject to change, is PHP
> Crypto Objects (PCO).
It would be nice to see f
Scott,
On Mon, Aug 3, 2015 at 4:54 PM, Scott Arciszewski wrote:
> Hi,
>
> I would like to make it easier for PHP developers to implement
> cryptography features in their applications. I intend to work on some
> of these ideas and submit them for inclusion in PHP 7.1.
>
> Some of these might be f
Hi,
I would like to make it easier for PHP developers to implement
cryptography features in their applications. I intend to work on some
of these ideas and submit them for inclusion in PHP 7.1.
Some of these might be familiar to some of you.
1. Pluggable Cryptography Frontend
Work is currently
34 matches
Mail list logo
