
Simply Secure PHP Cryptography - CiPHPerCoder
https://paragonie.com/blog/2017/07/it-turns-out-2017-is-year-simply-secure-php-cryptography
======
pasta
_1\. Clean up old tutorials, forum posts, and blogs._

This! I'm still seeing code snippets on StackOverflow that use hashing for
password storage and queries without prepared statements.

I think at the moment that is still a weak spot of PHP.

Edit: my mistake. I was referring to weak hashes like md5 and sha1 or 'home
brew' hashing.

~~~
stephenr
> use hashing for password storage

As opposed to...?

~~~
aruggirello
PHP has had a _dedicated_ password hashing function since version 5.5: it's
password_hash().

But at least, if you want to roll your own password hashing, do it right: use
hmac, salting, stretching and a decent hash function - or use bcrypt/scrypt
and save yourself a few headaches.
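
The built-in functions mentioned above, shown in an added example that is not part of the thread or any commenter's code: a login check that accepts an old unsalted md5 digest once and replaces it with a `password_hash()` value. The helper name `verifyAndUpgrade`, the legacy storage format and the sample passwords are assumptions; it needs PHP 7.1 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the hash to store after a successful login,
// or null when the password is wrong.
// Assumption: legacy rows hold a bare, unsalted 32-hex-character md5 digest.
function verifyAndUpgrade(string $password, string $stored): ?string
{
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // Legacy row: compare in constant time, then replace the weak hash.
        if (!hash_equals($stored, md5($password))) {
            return null;
        }
        return password_hash($password, PASSWORD_DEFAULT);
    }

    // Modern row: the salt and cost are encoded in the stored string itself.
    if (!password_verify($password, $stored)) {
        return null;
    }

    // Re-hash when PASSWORD_DEFAULT or its cost has moved on since storage.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        return password_hash($password, PASSWORD_DEFAULT);
    }
    return $stored;
}

// Constructed sample data: one legacy md5 row, one password_hash() row.
$rows = [
    'alice' => md5('correct horse battery'),
    'bob'   => password_hash('s3cond-user-pw', PASSWORD_DEFAULT),
];

// Legacy row with the right password: a new, different hash comes back.
$upgraded = verifyAndUpgrade('correct horse battery', $rows['alice']);
var_dump($upgraded !== null && $upgraded !== $rows['alice']);
var_dump(password_verify('correct horse battery', (string) $upgraded));

// Wrong password on the legacy row, then an up-to-date modern row.
var_dump(verifyAndUpgrade('wrong guess', $rows['alice']));
var_dump(verifyAndUpgrade('s3cond-user-pw', $rows['bob']) === $rows['bob']);
```

The caller writes the returned string back to the user's row whenever it differs from what was stored, so weak digests disappear as users log in.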

~~~
stephenr
I'm well aware of that. The original comment suggested that password hashing
is bad, I was trying to identify what the poster thought should be used
instead.

~~~
idlewords
Evergreen: [https://codahale.com/how-to-safely-store-a-password/](https://codahale.com/how-to-safely-store-a-password/)

------
mi100hael
I'm frequently amazed by how much Scott has single-handedly accomplished in
bringing modern security practices to PHP. Huge props!

~~~
verandaguys_alt
While I don't want to downplay his role in mobilizing the community, it's
hardly single-handed. Implementing ext/sodium was a group effort by dozens of
developers, reviewers, and testers.

~~~
CiPHPerCoder
> it's hardly single-handed

I can't emphasize this enough.

Libsodium was Frank Denis's project, which was spawned by NaCl by
cryptographers Dan Bernstein, Tanja Lange, and Peter Schwabe.

The participants who voted on the RFC, for the most part, were involved in the
technical discussions over the past two years since I first mentioned the
notion of doing so (before the PHP 7.0 release).

Similarly, there were 13 people who contributed to the libsodium-php
repository (ext/libsodium in PECL). Every single one of them had to consent to
relicensing the extension to easily get merged into PHP, and we all did.

I often joke that I'm the worst C developer in all of infosec, but there's
some truth to that when it comes to modifying the PHP core.

My main role in the ext/sodium project was saying, "We should do this," and
somehow getting people to listen.

------
jedisct1
If you can't wait until PHP 7.2 is available, version 2.0 of the standalone
extension was released on PECL:
[http://pecl.php.net/package/libsodium](http://pecl.php.net/package/libsodium)

It's identical to what was merged to PHP 7.2 (actually a bit better since some
pull requests haven't been merged to php-src yet).

------
petraeus
Until then php composer.phar require defuse/php-encryption

------
orf
I'm not entirely sure I believe that. I saw a Paragonie project that was
posted a while back, supposedly a "secure by default" CMS. I looked at the
code and saw it was a hard-to-audit mess that decided to implement everything
itself. Its own ORM, own router, own MVC framework. I spent an hour and found
numerous issues[1] in the code.

I don't believe re-implementing the wheel like that is a 'modern security
practice'. I asked why they did that instead of using robust, well tested and
well supported libraries and did not get a satisfactory answer.

While it's not the author's project (I think?) he is still part of the
company, and I'd hope such a security-focused organization wouldn't have done
something like that.

1\.
[https://paragonie.com/project/airship](https://paragonie.com/project/airship)

2\.
[https://news.ycombinator.com/item?id=13905055](https://news.ycombinator.com/item?id=13905055)

~~~
CiPHPerCoder
This is off topic and reads a bit like a personal attack, but if you want to
have a level-headed discussion about Airship's design and implementation,
[https://github.com/paragonie/airship/issues](https://github.com/paragonie/airship/issues)

A lot has changed since you last looked at it, and a lot will change before
the v2.0.0 rewrite is complete.

~~~
orf
I'm sorry that you read it as a personal attack, I did not mean for it to read
that way. I was merely pointing out something that I consider to be designed
contrary to security best practices in response to a comment about security
best practices.

I'm glad to hear things have changed in the code however, and wish you the
best with the rewrite.

~~~
tptacek
You replied to a comment praising Scott for improving PHP security by saying
"I'm not sure I believe that", and then ambiguously attacked his code. Who are
you trying to kid?

I don't much care one way or the other about whether it's OK to try to take
people down a peg, but I do care very much when people do that and then try to
get away with pretending that's not what they're doing.

------
lisper
Adding secure crypto to PHP is like putting a Schlage lock on a pup tent.

