rfc:timing_safe_encoding
Differences
This shows you the differences between two versions of the page.
rfc:timing_safe_encoding [2015/03/13 18:11] – created sarciszewski | rfc:timing_safe_encoding [2017/09/22 13:28] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== PHP RFC: Your Title Here ====== | + | ====== PHP RFC: Timing Safe Encoding Functions |
- | * Version: 0.9 | + | * Version: 0.1 |
- | * Date: 2013-03-13 | + | * Date: 2015-03-13 |
* Author: Scott Arciszewski, | * Author: Scott Arciszewski, | ||
* Status: Under Diiscussion | * Status: Under Diiscussion | ||
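Review bot: The Status line in this header block still reads "Under Diiscussion" on both sides of the diff. Since the revision already touches the title, version and date, correct it to "Under Discussion" in the same edit.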
Line 7: | Line 7: | ||
===== Introduction ===== | ===== Introduction ===== | ||
+ | |||
Cryptography libraries written in PHP often store encryption keys in an alternate encoding (Base-16 or Base-64, as specified in RFC 4648). However, the way these functions are trivially implemented open the door to possible cache-timing attacks which could be used to steal encryption keys, even if the encryption is well-implemented. | Cryptography libraries written in PHP often store encryption keys in an alternate encoding (Base-16 or Base-64, as specified in RFC 4648). However, the way these functions are trivially implemented open the door to possible cache-timing attacks which could be used to steal encryption keys, even if the encryption is well-implemented. | ||
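Review bot: The Introduction sentence "the way these functions are trivially implemented open the door" has a subject-verb mismatch; it should read "opens the door". The paragraph also asserts a cache-timing risk without saying what in the existing encoders depends on the key bytes, so a sentence naming that behaviour would give the proposal a concrete motivation.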
Line 12: | Line 13: | ||
A number of functions that already exist will have a timing-safe alternative exposed to PHP developers. | A number of functions that already exist will have a timing-safe alternative exposed to PHP developers. | ||
- | * `bin2hex` -> `bin2hex_ts` | + | * bin2hex() |
- | * `hex2bin` -> `hex2bin_ts` | + | * hex2bin() -> hex2bin_ts() |
- | * `base64_encode` -> `base64_encode_ts` | + | * base64_encode() -> base64_encode_ts() |
- | * `base64_decode` -> `base64_decode_ts` | + | * base64_decode() -> base64_decode_ts() |
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
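Review bot: In the new revision the first list item reads only "bin2hex()" with no "-> bin2hex_ts()" target, while the other three items keep their mapping. Restore the arrow and the proposed name so the list states all four new functions consistently.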
Line 22: | Line 23: | ||
===== Proposed PHP Version(s) ===== | ===== Proposed PHP Version(s) ===== | ||
- | This proposal targets the 7.0 release of PHP. | + | This proposal targets the 7.0 release of PHP. Or 7.1 if it's too late. |
===== Proposed Voting Choices ===== | ===== Proposed Voting Choices ===== | ||
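Review bot: The added sentence "Or 7.1 if it's too late." leaves the target version open-ended and does not say what "too late" is measured against. State a single target, or name the cutoff that triggers the fallback to 7.1, so voters know which release they are approving.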
Line 30: | Line 31: | ||
===== Patches and Tests ===== | ===== Patches and Tests ===== | ||
- | An incomplete patch is being developed in [https:// | + | An incomplete patch is being developed in [[https:// |
===== References ===== | ===== References ===== | ||
- | * [It's All About Time](http:// | + | |
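Review bot: The References hunk deletes the only entry, the Markdown-style "It's All About Time" link, and adds nothing in its place, so the section is left empty. Re-add the reference using the same "[[" link syntax that the patch link under "Patches and Tests" was converted to, rather than dropping it.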
rfc/timing_safe_encoding.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1