Replace mcrypt with OpenSSL #45
Assignees
Labels
Milestone
Comments
mattheworres
added
tech-debt
mattheworres
added a commit
that referenced
this issue
Jan 7, 2019
|
This was actually way easier than I at one point thought, and I erroneously dove down the rabbit hole of completely re-doing the auth scheme in the app (which I've come to the conclusion will require moving off of Silex, and onto Symfony 4 - a future item, but a large refactor). Instead, just replace the mcrypt method and call it a day. Old salts generated with mcrypt are OK, the primary concern here is not one of security, but rather platform compatibility. PHP7.2 servers won't be able to have mcrypt installed, but OpenSSL comes by default. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In PHP 7.2 they are officially removing mcrypt from the PHP library (it was marked as deprecated in 7.1), so in order to keep the project compatible on the newest versions of PHP, the use of Mcrypt in the Salt Service will need to be migrated to use OpenSSL instead, and a suitable way to convert values generated by Mcrypt to values created by OpenSSL will be needed too.
The text was updated successfully, but these errors were encountered: