
Everything You Know About Public-Key Encryption in PHP Is Wrong - type0
https://paragonie.com/blog/2016/12/everything-you-know-about-public-key-encryption-in-php-is-wrong
======
krob
This is not necessarily a PHP issue. The fact that it's been improved upon by
a better library speaks to how powerful PHP is even with the given native
methods.

openssl_public_encrypt() openssl_private_decrypt()

Those methods have maintainers; if anything, the people working on this code
did a disservice to the PHP community at large by setting poor default values.

"The only thing I know about public key encryption in PHP is that it sounds
like a terrible idea. Am I wrong?" Rhetorical statement. "Yes, you are wrong."

Go write your own C encryption library; doing it yourself is probably an
insanely bad idea. But would you call C a shitty language? I bet yes, but
everything that you use every day is written in it. If it's not written in it
directly, it's indirectly supported by it in at least 2-3 different ways. PHP
uses C libraries for everything; try compiling any bit of PHP w/o the native
methods their APIs provide, nothing will work.

~~~
TazeTSchnitzel
> This is not necessarily a PHP issue.

> the people working on this code did a disservice to the php community at
> large by setting poor default values.

Those functions are part of PHP. So… you're contradicting yourself, surely?

------
mpweiher
The only thing I know about public key encryption in PHP is that it sounds
like a terrible idea. Am I wrong?

~~~
CiPHPerCoder
It isn't necessarily a terrible idea. Where it becomes bad is when unskilled
developers implement it.

~~~
zkhalique
That sounds like the exact same two statements I hear over and over when it
comes to PHP:

"Doing X in PHP is a bad idea"

"Well it's only a bad idea if done by unskilled developers"

