rfc:timing_safe_encoding

Differences

This shows you the differences between two versions of the page.

rfc:timing_safe_encoding [2015/03/13 18:11] – created sarciszewski
rfc:timing_safe_encoding [2017/09/22 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== PHP RFC: Your Title Here ====== +====== PHP RFC: Timing Safe Encoding Functions ====== 
-  * Version: 0.9 +  * Version: 0.1 
-  * Date: 2013-03-13 (use today's date here)+  * Date: 2015-03-13
   * Author: Scott Arciszewski, scott@arciszewski.me   * Author: Scott Arciszewski, scott@arciszewski.me
   * Status: Under Diiscussion   * Status: Under Diiscussion
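Review bot: The Status line still reads "Under Diiscussion" on both sides of the comparison; correct it to "Under Discussion" while the header fields are being filled in. The version also moves from 0.9 down to 0.1, so a one-line changelog entry would make clear that 0.9 was the template placeholder and not an earlier draft.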
Line 7: Line 7:
  
 ===== Introduction ===== ===== Introduction =====
 +
 Cryptography libraries written in PHP often store encryption keys in an alternate encoding (Base-16 or Base-64, as specified in RFC 4648). However, the way these functions are trivially implemented open the door to possible cache-timing attacks which could be used to steal encryption keys, even if the encryption is well-implemented. Cryptography libraries written in PHP often store encryption keys in an alternate encoding (Base-16 or Base-64, as specified in RFC 4648). However, the way these functions are trivially implemented open the door to possible cache-timing attacks which could be used to steal encryption keys, even if the encryption is well-implemented.
  
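Review bot: In the Introduction paragraph, "the way these functions are trivially implemented open the door" has a subject-verb mismatch and should read "opens the door". The paragraph also asserts "possible cache-timing attacks" without saying which property of the existing encoders causes them; one sentence naming the data-dependent behaviour the RFC is worried about would let readers judge the proposal without following the reference first.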
Line 12: Line 13:
 A number of functions that already exist will have a timing-safe alternative exposed to PHP developers. A number of functions that already exist will have a timing-safe alternative exposed to PHP developers.
  
-  * `bin2hex-> `bin2hex_ts` +  * bin2hex()  -> bin2hex_ts() 
-  * `hex2bin-> `hex2bin_ts` +  * hex2bin() -> hex2bin_ts() 
-  * `base64_encode-> `base64_encode_ts` +  * base64_encode() -> base64_encode_ts() 
-  * `base64_decode-> `base64_decode_ts`+  * base64_decode() -> base64_decode_ts()
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
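Review bot: The function list gives only names, so the RFC never states what each _ts variant guarantees or how the decoders (hex2bin_ts(), base64_decode_ts()) treat malformed input. Add a signature per function, a sentence on the timing property it is meant to provide, and whether return values and error behaviour match the existing functions. Minor: "bin2hex()  -> bin2hex_ts()" has a double space before the arrow, and the names lost the code formatting the old backticks were aiming for; DokuWiki's ''...'' monospace markup would restore it.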
Line 22: Line 23:
 ===== Proposed PHP Version(s) ===== ===== Proposed PHP Version(s) =====
  
-This proposal targets the 7.0 release of PHP.+This proposal targets the 7.0 release of PHP. Or 7.1 if it's too late.
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
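Review bot: "Or 7.1 if it's too late." is a sentence fragment and leaves the target version ambiguous for voters. Fold it into the previous sentence and say what decides the fallback, for example "This proposal targets PHP 7.0, or 7.1 if it cannot be merged in time for 7.0."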
Line 30: Line 31:
 ===== Patches and Tests ===== ===== Patches and Tests =====
  
-An incomplete patch is being developed in [https://github.com/php/php-src/pull/1036](Pull Request 1036).+An incomplete patch is being developed in [[https://github.com/php/php-src/pull/1036|Pull Request 1036]].
  
 ===== References ===== ===== References =====
  
-* [It's All About Time](http://blog.ircmaxell.com/2014/11/its-all-about-time.htmlby Anthony Ferrara+  * [[http://blog.ircmaxell.com/2014/11/its-all-about-time.html|It's All About Time]] by Anthony Ferrara
  
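Review bot: The section is titled "Patches and Tests" but the text mentions only an incomplete patch; say whether Pull Request 1036 carries tests and what they check. In References, the Introduction cites RFC 4648 but the list has no entry for it, so add one alongside the "It's All About Time" link.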
rfc/timing_safe_encoding.1426270276.txt.gz · Last modified: 2017/09/22 13:28 (external edit)