(See Laravel/Internals repository instead!) #17286
Comments
|
Thank you :) But suggestions are posted on the https://github.com/laravel/internals repo. |
|
I think it's very unlikely Laravel will be making any major changes like this in 2017. We've still got users recovering from the migration away from mcrypt. If Laravel does switch in the future, I think it'd be important that the library is stable and mature. |
|
@GrahamCampbell Sure, but when the day does arrive (after v1.0.0 is tagged, which won't happen unless/until it passes a cryptography audit), here's the recommendation. Opened laravel/ideas#374 in the correct place. |
paragonie-scott
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've been working on a pure PHP implementation of the cryptography features offered by libsodium. It rests at paragonie/sodium_compat.
One important detail: sodium_compat opportunistically uses the PHP extension in PECL if it exists. Additionally, sodium_compat includes a lot of built-in design decisions to reduce the risk of cache-timing vulnerabilities.
The algorithms implemented include:
crypto_auth())crypto_secretbox())crypto_sign())crypto_scalarmult(),crypto_kx())crypto_box(),crypto_box_seal())crypto_generichash(), etc.)crypto_shorthash())However, sodium_compat has yet to be audited by an independent third party. I'm filing an issue now to kick off any planning or discussion necessary to make sodium_compat available to Laravel users as soon as it gets audited. (I'd also like to gauge interest in seeing this in a future Laravel release.)
The text was updated successfully, but these errors were encountered: