Differences

This shows you the differences between two versions of the page.

--- rfc:mcrypt-viking-funeral [2016/03/15 17:22] – sarciszewski
+++ rfc:mcrypt-viking-funeral [2016/03/15 17:33] – sarciszewski
@@ Line 20: / Line 20: @@
 ===== Backward Incompatible Changes =====
-Any cryptography code that depends on mcrypt will need to be refactored against openssl. This isn't as difficult as it sounds, provided you're using a trustworthy cipher (e.g. MCRYPT_RIJNDAEL_128). Based on [[https://3v4l.org/m4P2C|this 3v4l]], I can generally conclude that the following MCRYPT ciphers are not supported by openssl:
+Any cryptography code that depends on mcrypt will need to be refactored against openssl. This isn't as difficult as it sounds, provided you're using a trustworthy cipher (e.g. MCRYPT_RIJNDAEL_128). Based on [[https://3v4l.org/m4P2C|this 3v4l]], I can generally conclude that the following MCRYPT ciphers are not currently supported by openssl:
   * GOST
@@ Line 34: / Line 34: @@
   * Enigma
-This is an acceptable loss: Most of the ciphers in the list above should not be used in new software anyway. Most cryptography experts would consider their inclusion in any software written in 2016 to be a code smell and indicative of a bad protocol design. Some of thme (e.g. Enigma) are outright insecure.
+This is an acceptable loss: Most of the ciphers in the list above should not be used in new software anyway. Most cryptography experts would consider their inclusion in any software written in 2016 to be a code smell and indicative of a bad protocol design. Some of them (e.g. Enigma) are outright insecure and should not be used at all.
 ===== Proposed PHP Version(s) =====
@@ Line 59: / Line 59: @@
 ===== Patches and Tests =====
-If this RFC is accepted, I will author the patch to expunge ext/mcrypt.
+If this RFC is accepted, I will author the patches to deprecate (and eventually expunge) ext/mcrypt.
 ===== References =====

Differences

Page Tools