Hi,

On Sat, 4 Aug 2018 11:43:28 +0300
Andrew Savchenko <bircoph@g.o> wrote:

> Do you have any evidence that mcrypt should not be used?

Well, PHP was as far as I'm aware its main user and PHP has declared
mcrypt support to be deprecated a while ago.

> Symmetric cryptography is quite conservative and it took years and
> even decades for algorithms and their implementations to become
> trusted, so there is nothing wrong in using good old verified
> software.

When it comes to cipher modes the fact that people use decades old
modes is a problem. See efail for a prominent example, but there
are many less prominent ones.

Look at the mcrypt webpage:
http://mcrypt.sourceforge.net/

Modes of Operation:

CBC
CFB
CTR
ECB
OFB
NCFB

That is a mixture of very insecure (ECB), insecure in most situations
(all others) and totally obscure modes. It doesn't include any
authenticated encryption modes, which in most situations is what you
want to use.

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@××××××.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
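
The point about unauthenticated modes in the message above, as an added example that is not part of the original e-mail and does not use mcrypt's API: ECB keeps equal plaintext blocks equal, CTR lets a ciphertext be altered predictably without the key, and an encrypt-then-MAC wrapper (one generic way to get authenticated encryption) rejects the altered message. Assumptions: the block cipher is a toy Feistel construction over HMAC-SHA256 so the code runs on the Python standard library alone, and all function names are hypothetical.

```python
import hashlib, hmac, os

BLOCK = 16  # bytes per block

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation built on HMAC-SHA256.
    Assumption: a toy stand-in for a real block cipher, for illustration only."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # ECB: every block is encrypted independently, so equal blocks stay equal.
    return b"".join(toy_block_encrypt(key, pt[i:i + BLOCK])
                    for i in range(0, len(pt), BLOCK))

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # CTR: XOR with a keystream of encrypted (nonce || counter) blocks.
    # The same function encrypts and decrypts; nothing checks integrity.
    out = b""
    for i in range(0, len(data), BLOCK):
        ks = toy_block_encrypt(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += xor(data[i:i + BLOCK], ks)
    return out

def tamper(ct: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    # Malleability: a difference XORed into the ciphertext appears unchanged
    # in the decrypted plaintext, and no key is needed to apply it.
    end = offset + len(known)
    return ct[:offset] + xor(ct[offset:end], xor(known, wanted)) + ct[end:]

def seal(enc_key: bytes, mac_key: bytes, pt: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    nonce = os.urandom(8)
    body = nonce + ctr_xor(enc_key, nonce, pt)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    body, tag = msg[:-32], msg[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")  # reject before decrypting
    return ctr_xor(enc_key, body[:8], body[8:])
```

With a real library the same property comes from an AEAD mode such as AES-GCM or ChaCha20-Poly1305 rather than from a hand-built composition.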