PHP 7.2

Alles, was PHP betrifft, kann hier besprochen werden.

PHP 7.2

Postby alaryk » 23. December 2017 14:34

Hi,

XAMPP 7.2 with PHP 7.2 on board is out which is absolutely great. Thank you very much for such a quick release, especially that PHP 7.2 introduces several great and important improvements.

One of them is the inclusion of the new cryptography library (libsodium, a fork of the highly praised NaCl [1]) as a core feature of PHP (meaning it is automatically loaded and active) [2]. This is accompanied by the total removal of obsolete mcrypt functions. Unfortunately, the version of PHP provided with the latest release of XAMPP has been compiled WITHOUT libsodium [3]. This means that the only remaining library for crypto is OpenSSL, considered by many as not completely safe (i.e. its pseudorandom byte generator functions).

Does anyone know:
1) if the omission of the libsodium in the latest release of XAMPP was on purpose
2) whether there is any chance to have it included in the next releases?

[1] https://dev.to/paragonie/php-72-the-first-programming-language-to-add-modern-cryptography-to-its-standard-library
[2] http://php.net/manual/en/sodium.setup.php
[3] https://stackoverflow.com/questions/45755795/using-libsodium-in-php-7-2

Best,

Adam

PS. I do know that libsodium can be loaded as PECL extension, but I would like to specifically ask about its inclusion as a PHP core library.
alaryk
 
Posts: 3
Joined: 23. December 2017 14:19
XAMPP version: 7.2
Operating System: OSX/WIN/Linux

Re: PHP 7.2

Postby Nobbie » 25. December 2017 13:32

What would be the goal of integrating cryptography library into a development-only environment? Why is OpenSSL not sufficient for local PHP development?
Nobbie
 
Posts: 13165
Joined: 09. March 2008 13:04

Re: PHP 7.2

Postby alaryk » 27. December 2017 18:47

The use of cryptography is the de facto standard for many online applications. The new EU law (enforced from May 2018 [1]) means that personal data protection will need to reach a whole new level. Therefore, modern encryption and one-way hashing algorithms with proven resistance to attacks will become extremely important. Libsodium introduces a variety of cutting-edge cryptography primitives - e.g. Eliptic Curve Algorithm X25519, Ed25519, Xsalsa20poly1305, BLAKE2 ("SHA3"), Argon2, SipHash-2-4 (great for hash tables), Authenticated Encryption with ChaCha20-Poly1305. Their use in place of the older ones (i.e. provided by OpenSSL) has been proven very beneficial, for example by the recent ROBOT RSA vulnerability, which affected even Facebook [2,3]. The ability to thoroughly test encryption in the development environment and on a local machine is absolutely crucial before deployment because of the need for security auditing and performance optimisation.

[1] https://en.wikipedia.org/wiki/Data_Protection_Directive
[2] https://thehackernews.com/2017/12/bleichenbacher-robot-rsa.html
[3] https://robotattack.org/
alaryk
 
Posts: 3
Joined: 23. December 2017 14:19
XAMPP version: 7.2
Operating System: OSX/WIN/Linux

Re: PHP 7.2

Postby Nobbie » 27. December 2017 20:59

Blah blah blah...

That does not answer my question, What is the idea of having a PHP version which is superior to any webhoster? Please show me at least ten providers which provide PHP 7.2 including the encryption. You dont even can show one.

In matters of crucial security: my website is www.syraha.de, I ask you to hack my FTP account, which is so crucial insecure and you get $10,000 from me. If you can't make it, just shut up with your garbage. Good luck, how long will you take?
Nobbie
 
Posts: 13165
Joined: 09. March 2008 13:04

Re: PHP 7.2

Postby alaryk » 28. December 2017 12:20

Wow, mate, you must have got seriously stressed over the Christmas... :lol:
I really do not want to argue with you about the fact that Libsodium is included as core in PHP >= 7.2 nor whether it is justified. I am merely asking if anyone knows a reason why it is not included in the latest XAMPP release which is listed to have PHP 7.2 onboard.
alaryk
 
Posts: 3
Joined: 23. December 2017 14:19
XAMPP version: 7.2
Operating System: OSX/WIN/Linux

Re: PHP 7.2

Postby Altrea » 28. December 2017 13:37

Hi,

XAMPP includes the official PHP binaries provided by php.net. The XAMPP development team don't compile PHP itself.
So if libsodium is not present in XAMPPs PHP binaries, they are not present in the official php.net binaries too.

best wishes,
Altrea
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: PHP 7.2

Postby Nobbie » 28. December 2017 21:43

alaryk wrote:I really do not want to argue with you about the fact that Libsodium is included as core in PHP >= 7.2 nor whether it is justified. I am merely asking if anyone knows a reason why it is not included in the latest XAMPP release which is listed to have PHP 7.2 onboard.



Altrea wrote:Hi,
XAMPP includes the official PHP binaries provided by php.net. The XAMPP development team don't compile PHP itself.
So if libsodium is not present in XAMPPs PHP binaries, they are not present in the official php.net binaries too.



And now Mr. Crucial Blah blah? Did you have a nice christmas like me, or what makes you so crucial crucial wrong? Oups!
Nobbie
 
Posts: 13165
Joined: 09. March 2008 13:04


Return to PHP

Who is online

Users browsing this forum: No registered users and 51 guests