New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please consider dropping requirement on MCrypt. #9020

Closed
remicollet opened this Issue Jun 3, 2015 · 14 comments

Comments

Projects
None yet
6 participants
@remicollet

remicollet commented Jun 3, 2015

lilbmcrypt is a dead project, unmainted for ~7years.
Some Enterprise Distribution simply don't provide it (e.g. RHEL)

Relying on a dead cow for cryptography just sounds terrible.

Please consider switching to openssl encryption which is much more common and wel maintained.

@GrahamCampbell

This comment has been minimized.

Show comment
Hide comment
@GrahamCampbell

GrahamCampbell Jun 3, 2015

Member

We are using both openssl and mcrypt. Taylor would probably accept a PR to 5.1 to remove the need for mcrypt, though I can't speak for him.

Member

GrahamCampbell commented Jun 3, 2015

We are using both openssl and mcrypt. Taylor would probably accept a PR to 5.1 to remove the need for mcrypt, though I can't speak for him.

@GrahamCampbell

This comment has been minimized.

Show comment
Hide comment
@GrahamCampbell

GrahamCampbell Jun 3, 2015

Member

5.1 will be our next and first LTS release btw, and will ship on Tuesday next week.

Member

GrahamCampbell commented Jun 3, 2015

5.1 will be our next and first LTS release btw, and will ship on Tuesday next week.

@GrahamCampbell

This comment has been minimized.

Show comment
Hide comment
@GrahamCampbell

GrahamCampbell Jun 3, 2015

Member

It's also php 5.5.9+ only. :)

Member

GrahamCampbell commented Jun 3, 2015

It's also php 5.5.9+ only. :)

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jun 3, 2015

It's also php 5.5.9+ only. :)

Which is fine ;) RHEL (with RHSCL 2.0) provides 5.5.21 and 5.6.5 ;)
But not mcrypt

remicollet commented Jun 3, 2015

It's also php 5.5.9+ only. :)

Which is fine ;) RHEL (with RHSCL 2.0) provides 5.5.21 and 5.6.5 ;)
But not mcrypt

@GrahamCampbell

This comment has been minimized.

Show comment
Hide comment
@GrahamCampbell

GrahamCampbell Jun 3, 2015

Member

Which is fine

Great. I'd quite like to see us dropping mcrypt too. :)

Member

GrahamCampbell commented Jun 3, 2015

Which is fine

Great. I'd quite like to see us dropping mcrypt too. :)

@jbrooksuk

This comment has been minimized.

Show comment
Hide comment
@jbrooksuk

jbrooksuk Jun 3, 2015

Contributor

Dropping mcrypt would be a great change! :)

Contributor

jbrooksuk commented Jun 3, 2015

Dropping mcrypt would be a great change! :)

@GrahamCampbell

This comment has been minimized.

Show comment
Hide comment
@GrahamCampbell

GrahamCampbell Jun 3, 2015

Member

I'll talk to Taylor about this later today and see what he thinks. :)

Member

GrahamCampbell commented Jun 3, 2015

I'll talk to Taylor about this later today and see what he thinks. :)

@base-zero

This comment has been minimized.

Show comment
Hide comment
@base-zero

base-zero commented Jun 3, 2015

👍

@taylorotwell

This comment has been minimized.

Show comment
Hide comment
@taylorotwell

taylorotwell Jun 3, 2015

Member

If it can be done in a backwards compatible way, sure.

Member

taylorotwell commented Jun 3, 2015

If it can be done in a backwards compatible way, sure.

@ibrasho

This comment has been minimized.

Show comment
Hide comment
@ibrasho

ibrasho Jun 3, 2015

Contributor

If I remove mcrypt dependency completely but end up with compatible encoding, is that fine?

Contributor

ibrasho commented Jun 3, 2015

If I remove mcrypt dependency completely but end up with compatible encoding, is that fine?

@taylorotwell

This comment has been minimized.

Show comment
Hide comment
@taylorotwell

taylorotwell Jun 3, 2015

Member

As long as it can decrypt stuff that was encrypted using the old mcrypt way.

On Wed, Jun 3, 2015 at 1:16 PM, Ibrahim AshShohail <notifications@github.com

wrote:

If I remove mcrypt dependency completely but end up with compatible
encoding, is that fine?


Reply to this email directly or view it on GitHub
#9020 (comment).

Member

taylorotwell commented Jun 3, 2015

As long as it can decrypt stuff that was encrypted using the old mcrypt way.

On Wed, Jun 3, 2015 at 1:16 PM, Ibrahim AshShohail <notifications@github.com

wrote:

If I remove mcrypt dependency completely but end up with compatible
encoding, is that fine?


Reply to this email directly or view it on GitHub
#9020 (comment).

@ibrasho

This comment has been minimized.

Show comment
Hide comment
@ibrasho

ibrasho Jun 3, 2015

Contributor

Encrypter::setCipher() and Encrypter::setMode() will not be BC.

Is this acceptable?

Contributor

ibrasho commented Jun 3, 2015

Encrypter::setCipher() and Encrypter::setMode() will not be BC.

Is this acceptable?

@taylorotwell

This comment has been minimized.

Show comment
Hide comment
@taylorotwell

taylorotwell Jun 3, 2015

Member

I'm fine with that.

Member

taylorotwell commented Jun 3, 2015

I'm fine with that.

@ibrasho

This comment has been minimized.

Show comment
Hide comment
@ibrasho

ibrasho Jun 3, 2015

Contributor

Done #9041

Contributor

ibrasho commented Jun 3, 2015

Done #9041

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment