rfc:mcrypt-viking-funeral
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
rfc:mcrypt-viking-funeral [2016/03/16 17:26] – sarciszewski | rfc:mcrypt-viking-funeral [2016/07/11 12:09] – this RFC has been implemented cmb | ||
---|---|---|---|
Line 3: | Line 3: | ||
* Date: 2016-01-09 | * Date: 2016-01-09 | ||
* Author: Scott Arciszewski, | * Author: Scott Arciszewski, | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
Line 67: | Line 67: | ||
Problems with this code: | Problems with this code: | ||
- | | + | |
* It's using [[https:// | * It's using [[https:// | ||
* It's attempting to generate an IV for ECB mode (which is a waste of CPU since IVs aren't used in ECB mode) | * It's attempting to generate an IV for ECB mode (which is a waste of CPU since IVs aren't used in ECB mode) | ||
* It's using MCRYPT_RAND for IV generation, which isn't a CSPRNG | * It's using MCRYPT_RAND for IV generation, which isn't a CSPRNG | ||
* fnEncrypt() will rtrim() null bytes off the encrypted value before base64 encoding it, which means a 1/256 chance of data corruption that prevents decryption | * fnEncrypt() will rtrim() null bytes off the encrypted value before base64 encoding it, which means a 1/256 chance of data corruption that prevents decryption | ||
- | * fnDecrypt() will rtrim() null bytes off the decrypted plaintext, which means if your plaintext message was raw binary (e.g. gzip compressed), | + | * fnDecrypt() will rtrim() null bytes off the decrypted plaintext, which means if your plaintext message was raw binary (e.g. gzip compressed), |
* There is no MAC, so you transmit this over a network, [[https:// | * There is no MAC, so you transmit this over a network, [[https:// | ||
Line 124: | Line 124: | ||
Since this would break backwards compatibility, | Since this would break backwards compatibility, | ||
- | <doodle title=" | + | <doodle title=" |
* Yes | * Yes | ||
* No | * No | ||
Line 133: | Line 133: | ||
===== Patches and Tests ===== | ===== Patches and Tests ===== | ||
- | If this RFC is accepted, I will author the patches to deprecate ext/mcrypt. | + | Patches are available: |
+ | * < | ||
+ | * < | ||
===== References ===== | ===== References ===== |
rfc/mcrypt-viking-funeral.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1