PHP Becomes First Programming Language To Add 'Modern' Cryptography Library In Its Core (bleepingcomputer.com)
An anonymous reader writes from a report via BleepingComputer: The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, and by doing so, PHP becomes the first programming language to support a modern cryptography library by default. Developers approved a proposal with a vote of 37 to 0 and decided that Libsodium will be added to the upcoming PHP 7.2 release that will be launched towards the end of 2017. Scott Arciszewski, the cryptography expert who made the proposal, says that by supporting modern crypto in the PHP core, the PHP team will force the WordPress team to implement better security in its CMS, something they avoided until now. Additionally, it will allow PHP and CMS developers to add advanced cryptography features to their apps that run on shared hosting providers, where until now they weren't able to install custom PHP extensions to support modern cryptography. Other reasons why he made the proposal are detailed here. Arciszewski also says that PHP is actually "the first" programming language to support a "modern" cryptography library in its core, despite Erlang and Go including similar libraries, which he claims are not as powerful and up-to-date as PHP's upcoming Libsodium implementation.
Arciszewski also says that PHP is actually "the first" programming language to support a "modern" cryptography library in its core, despite Erlang and Go including similar libraries, which he claims are not as powerful and up-to-date as PHP's upcoming Libsodium implementation.
So it's the first to support a modern cryptography library, as long as you define "modern" to mean "the one that we're using."
It's easy to be first to do something if you place enough arbitrary restrictions on what that something is.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
I got tired of script kiddies banging down my PHP/MySQL servers. I'm using Pelican (Python) to convert my websites into static websites. With nothing to hack, script kiddies go away.
PHP has a comparison operator === that evaluates if the two things it is comparing are equal and of the same type.
$ php -r "if (\"0E54321\" === \"0E12345\") { echo 'equal'; } else { echo 'not equal'; } "
not equal
Without ===, variable type conversion can cause a string containing numbers to be converted to an integer. See these links for details:
http://php.net/manual/en/langu...
http://php.net/manual/en/langu...
Or more relevantly, I think this is what the original poster was referring to:
https://www.whitehatsec.com/bl...
Here are some examples of PHP doing mind-boggling things with md5 and sha1 hashes.
https://3v4l.org/tT4l8
The comparison operators are transitive as long as you don't mix types.
Don't feel bad, a lot of beginners don't realize that comparison and automatic type conversions are separate operations...
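The loose-versus-strict comparison discussed in the comments above, as an added example that is not part of the original thread: it runs the same digest-shaped strings through ==, === and hash_equals() side by side. The function names and the sample digests are constructed for illustration; only "0E54321" and "0E12345" come from the thread.

```php
<?php
// Added example: three ways to compare a stored digest with a supplied one.

function looseMatch(string $stored, string $supplied): bool
{
    // Weak form: == compares two numeric strings as numbers,
    // so "0e<digits>" on both sides is read as 0 times a power of ten.
    return $stored == $supplied;
}

function strictMatch(string $stored, string $supplied): bool
{
    // === requires the same type and the same bytes; no numeric conversion.
    return $stored === $supplied;
}

function constantTimeMatch(string $stored, string $supplied): bool
{
    // hash_equals() is byte-exact and its running time does not depend
    // on where the first differing byte is.
    return hash_equals($stored, $supplied);
}

// Constructed sample values (not real digests of any input).
$cases = [
    'strings from the thread'  => ['0E54321', '0E12345'],
    '0e + 30 decimal digits'   => ['0e' . str_repeat('1', 30), '0e' . str_repeat('2', 30)],
    '0e + digits + hex letter' => ['0e' . str_repeat('1', 29) . 'a', '0e' . str_repeat('2', 29) . 'a'],
    'identical digests'        => [str_repeat('ab', 16), str_repeat('ab', 16)],
];

printf("%-26s %-6s %-6s %s\n", 'case', '==', '===', 'hash_equals');
foreach ($cases as $label => [$stored, $supplied]) {
    printf(
        "%-26s %-6s %-6s %s\n",
        $label,
        var_export(looseMatch($stored, $supplied), true),
        var_export(strictMatch($stored, $supplied), true),
        var_export(constantTimeMatch($stored, $supplied), true)
    );
}
```

Only the == column reports a match for the first two rows, where both strings are numeric; a single hex letter makes the strings non-numeric and == falls back to a string comparison.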