Re: [PHP-DEV] PHP Crypt functions - security audit

2013-09-16 Thread Alain Williams
On Mon, Sep 16, 2013 at 01:44:16PM +0100, Alain Williams wrote: > > Note that most of these things don't refer to PHP directly. i.e. > > encryption between user and PHP is usually done by the web server. > > Encryption between PHP and databases by database libraries. If > > applications built on t

Re: [PHP-DEV] PHP Crypt functions - security audit

2013-09-16 Thread Alain Williams
On Mon, Sep 16, 2013 at 01:56:58PM +0200, Johannes Schlüter wrote: > On Mon, 2013-09-16 at 11:56 +0100, Alain Williams wrote: > > In the light of the recent scandal of the NSA (& others) attacking > > encryption > > would it be a good idea to see if we can get an audit of all the security > > rela

Re: [PHP-DEV] PHP Crypt functions - security audit

2013-09-16 Thread Johannes Schlüter
On Mon, 2013-09-16 at 11:56 +0100, Alain Williams wrote: > In the light of the recent scandal of the NSA (& others) attacking encryption > would it be a good idea to see if we can get an audit of all the security > related code in PHP ? It would do a bit to help boost confidence in PHP - and > migh