Date: Mon, 18 Jan 2016 10:17:27 +0100
From: Bart van Tuil <bvantuil@...argroup.nl>
To: Scott Arciszewski <scott@...agonie.com>, "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: Re: [FD] It essentially wins crypto vulnerability bingo! gilfether/phpcrypt

I don't get something:

> 4. https://github.com/paragonie/EasyRSA (reluctantly included for
> people that really believe they need RSA)

...What's, in your opinion of course, the wrong thing about implementing RSA in a decent web application? PHP is used for much, much more than building simple frontpages without a backend (where this might be a senseless complication). RSA is still the way to go about implementing accessible asymmetrical cryptography...

I do agree, wholeheartedly, that building your own cryptographic primitives is just an expensive way of ultimately fooling yourself.

Just wondering...

All the best,
Bart

<rant>
PS: All this bashing on PHP really tires me - it's getting old and redundant. And no - I'm not a PHP developer.
</rant>