1 |
On 2018-08-04 16:29, Hanno Böck wrote: |
2 |
>> Do you have any evidence that mcrypt should not be used? |
3 |
> Well, PHP was as far as I'm aware its main user and PHP has declared |
4 |
> mcrypt support to be deprecated a while ago. |
5 |
|
6 |
In all fairness: |
7 |
|
8 |
Yes, PHP project has removed ext/mcrypt from core, but they only |
9 |
moved it into an own PECL extension. My point here is, that they |
10 |
did not drop and prune mcrypt from universe due to security |
11 |
vulnerabilities. |
12 |
|
13 |
Anyone interested in this should read the following posting [1]. |
14 |
|
15 |
tl;dr |
16 |
Like most crypto libs, mcrypt isn't easy to use and you will |
17 |
likely do something wrong. In favor of a better solutions which |
18 |
should prevent such a misuse, mcrypt was deprecated. |
19 |
|
20 |
|
21 |
See also: |
22 |
========= |
23 |
[1] https://why-cant-we-have-nice-things.mwl.be/requests/deprecate-then-remove-mcrypt. |
24 |
|
25 |
|
26 |
-- |
27 |
Regards, |
28 |
Thomas Deutschmann / Gentoo Linux Developer |
29 |
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 |