Slashdot Mirror

← Back to Stories (view on slashdot.org)

PHP Becomes First Programming Language To Add 'Modern' Cryptography Library In Its Core (bleepingcomputer.com)

Posted by BeauHD on from the center-of-the-earth dept.

An anonymous reader writes from a report via BleepingComputer: The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, and by doing so, becoming the first programming language to support a modern cryptography library by default. Developers approved a proposal with a vote of 37 to 0 and decided that Libsodium will be added to the upcoming PHP 7.2 release that will be launched towards the end of 2017. Scott Arciszewski, the cryptography expert who made the proposal, says that by supporting modern crypto in the PHP core, the PHP team will force the WordPress team to implement better security in its CMS, something they avoided until now. Additionally, it will allow PHP and CMS developers to add advanced cryptography features to their apps that run on shared hosting providers, where until now they weren't able to install custom PHP extensions to support modern cryptography. Other reasons on why he made the proposal are detailed here. Arciszewski also says that PHP is actually "the first" programming language to support a "modern" cryptography library in its core, despite Erlang and Go including similar libraries, which he claims are not as powerful and up-to-date as PHP's upcoming Libsodium implementation.

4 of 204 comments (clear)

  1. Re:So they'll be the first to do it wrong? by c · · Score: 4, Funny

    I'll stick to every other language that has had libsodium bindings for a while now.

    I'm just waiting for them to release the libsodium bindings for C...

    --
    Log in or piss off.
  2. Gotta love PHP ... by Qbertino · · Score: 3, Funny

    I'm smiling while I read this.

    Every single bit of this news is sooo PHP and one of the reasons this awkward mess of a PL is so successful.

    They find something new or something they need and bolt it on. Just like that. End of story. A vote on the core team, a little coding and *BAM* PHP has a new inner API function with what has to be the most over-the-top all-out-PHP-style name for an inner API function ever - sodium_crypto_box_keypair_from_secretkey_and_publickey($ecdh_secret, $ecdh_public); (seriously, this is no joke).

    Totally LOL. Takes the cake for inner function names ten times over, even by PHP standards, which is quite a stunt. And right away PHP has up-to-date hard crypto that even a simpleton can use.

    You have to hand it to the PHP crew - they actually get shit done, no matter what. :-)

    --
    We suffer more in our imagination than in reality. - Seneca
  3. Re:Oh please by fahrbot-bot · · Score: 4, Funny

    PHP has a comparison operator === that evaluates if the two things it is comparing are equal and of the same type.

    The next version will support "====" for things are really, *really* equal.

    --
    It must have been something you assimilated. . . .
  4. And it'll be a shitshow because of course it is by Just+Some+Guy · · Score: 4, Funny
    Sneak preview of the API:

    crypto_really_encode(plaintext, algorithm); // Simplest
    crypto_really_encode(plaintext, mode, algorithm); // Next arg goes in the middle
    crypto_really_encode(block_size, plaintext, algorithm, mode); // Switch it up yo lol

    ...where AES will somehow be a valid value for both mode and algorithm (which will silently override to "NULL" if plaintext starts with a zero or the letter "p").

    --
    Dewey, what part of this looks like authorities should be involved?