
The State of Cryptography in PHP - sarciszewski
https://paragonie.com/blog/2015/09/state-cryptography-in-php#resubmit
======
trebor
This is a decent review of recent/past happenings in PHP cryptography, and
where things are going in the future. I agree that we need a PSR for
cryptography primitives—it'd prevent quite a few problems.

~~~
sarciszewski
I'm moving less for a PSR and more for a core library that abstracts
cryptography details away from the user. The average PHP developer can't be
trusted to Encrypt-then-MAC, so why burden them with the responsibility?

~~~
trebor
While true, there are quite a few programmers who can. I'd go for a core
library + PSR, so that the average developer can still use the core library.
That way advanced developers can use something PSR compatible, and libraries
that depend on the core library can still function.

