by sarciszewski
4057 days ago
From the article:

"Although it's possible to provide a relatively secure cryptography
library that builds on top of mcrypt (the earlier version of
defuse/php-encryption did), switching your code to openssl will
provide better security, performance, maintainability, and
portability."

The argument here isn't that mcrypt is doomed/inherently vulnerable; it's two-fold:

1. OpenSSL is a better choice, especially if you're an average PHP developer who is ignoring cryptographers' advice not to deploy your own crypto implementations.
2. If a critical bug is found in libmcrypt, since nobody is maintaining it anymore, it is unlikely to get fixed. You are much safer using a library where patches are still being merged.

I hope this makes more sense.