[TYPO3-dev] Symmetric encryption library for t3lib
Marcus Krause
marcus at t3sec.info
Fri Oct 30 11:50:37 CET 2009
Martin Kutschker schrieb am 10/30/2009 11:43 AM Uhr:
> Marcus Krause schrieb:
>> Martin Kutschker schrieb am 10/30/2009 11:12 AM Uhr:
>>> Marcus Krause schrieb:
>>>> I'd like to hear any comments and suggestions. Do you consider such
>>>> library an effort worth to be made? Is the current dependency on
>>>> PHP mcrypt extension valid for a t3lib library?
>>> What is the advantage of this wrapper class over direct use of
>>> mcrypt? Is there any direct use case for the Core or the shipped
>>> system extensions?
>> It's an abstraction from a complex area. With proper presets, encryption
>> /decryption is done with one single method call each.
>> If you use mcrypt function calls, you need do understand the basics of
>> symmetric encryption, ciphers, modes and need more code.
>
> Good. I hope it doesn't get so easy that you can use it in a way that it offers no encryption at all
> if you're clueless and only know that t3lib/security will get you magically security.
You obviously want to prevent a "no encryption" case. ;-)
>> There's a use case; the latest security bulletin contains an issue with
>> encryption/decryption. Please understand, that I don't want to point
>> directly to the code.
>
> That is, the Core uses mcrypt already and you want to add helper code. Right?
Core does not use mcrypt. The issue in question was using "some kind of
encryption".
If you think ahead, with an additional asymmetric library we could
extract according code from sysext:rsa and make it available to everyone.
I think that there will pop up more uses cases if TYPO3 would provide
encryption libraries.
Some people are working on webservices (REST/SOAP) for TYPO3. Encryption
libaries would help there too.
Marcus.
More information about the TYPO3-dev
mailing list