Encryption in php core?
Posted: Mon Aug 22, 2005 10:08 am
During a discussion, Feyd brought up the idea of having a public discussion about the lack of secure encryption functions in php's core.
Mcrypt is of course an extension to php - one that is often not installed. Crypt, on the other hand, is a core function, but as we've discussed in other threads, the options available in crypt are generally considered not secure enough.
The net result for programmers targetting a wide audience that may or may not have mcrypt installed, is that you have to include replacement PHP functions for any secure crypt you want to do.
I'm curious how many members here consider crypt a critical function that needs to be included in the core of PHP (ie, not an extension).
The PHP internals group is discussing wishlist ideas for PHP6, so now would be an ideal time to mention it as an idea.
Share your thoughts on the idea, please.
Mcrypt is of course an extension to php - one that is often not installed. Crypt, on the other hand, is a core function, but as we've discussed in other threads, the options available in crypt are generally considered not secure enough.
The net result for programmers targetting a wide audience that may or may not have mcrypt installed, is that you have to include replacement PHP functions for any secure crypt you want to do.
I'm curious how many members here consider crypt a critical function that needs to be included in the core of PHP (ie, not an extension).
The PHP internals group is discussing wishlist ideas for PHP6, so now would be an ideal time to mention it as an idea.
Share your thoughts on the idea, please.