| 1 |
On 2018-08-04 16:29, Hanno Böck wrote: |
| 2 |
>> Do you have any evidence that mcrypt should not be used? |
| 3 |
> Well, PHP was as far as I'm aware its main user and PHP has declared |
| 4 |
> mcrypt support to be deprecated a while ago. |
| 5 |
|
| 6 |
In all fairness: |
| 7 |
|
| 8 |
Yes, PHP project has removed ext/mcrypt from core, but they only |
| 9 |
moved it into an own PECL extension. My point here is, that they |
| 10 |
did not drop and prune mcrypt from universe due to security |
| 11 |
vulnerabilities. |
| 12 |
|
| 13 |
Anyone interested in this should read the following posting [1]. |
| 14 |
|
| 15 |
tl;dr |
| 16 |
Like most crypto libs, mcrypt isn't easy to use and you will |
| 17 |
likely do something wrong. In favor of a better solutions which |
| 18 |
should prevent such a misuse, mcrypt was deprecated. |
| 19 |
|
| 20 |
|
| 21 |
See also: |
| 22 |
========= |
| 23 |
[1] https://why-cant-we-have-nice-things.mwl.be/requests/deprecate-then-remove-mcrypt. |
| 24 |
|
| 25 |
|
| 26 |
-- |
| 27 |
Regards, |
| 28 |
Thomas Deutschmann / Gentoo Linux Developer |
| 29 |
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 |
Archives