Hacker News new | past | comments | ask | show | jobs | submit login
The State of Cryptography in PHP (paragonie.com)
5 points by sarciszewski on Sept 11, 2015 | hide | past | web | favorite | 3 comments

This is a decent review of recent/past happenings in PHP cryptography, and where things are going in the future. I agree that we need a PSR for cryptography primitives—it'd prevent quite a few problems.

I'm moving less for a PSR and more for a core library that abstracts cryptography details away from the user. The average PHP developer can't be trusted to Encrypt-then-MAC, so why burden them with the responsibility?

While true, there are quite a few programmers who can. I'd go for a core library + PSR, so that the average developer can still use the core library. That way advanced developers can use something PSR compatible, and libraries that depend on the core library can still function.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact