6 comments

[ 2.8 ms ] story [ 28.3 ms ] thread
The only thing I know about public key encryption in PHP is that it sounds like a terrible idea. Am I wrong?
I'm disgusted that the words encryption and PHP were even used in the same sentence. I need to go shower.
It isn't necessarily a terrible idea. Where it becomes bad is when unskilled developers implement it.
That sounds like the exact same two statements I hear over and over when it comes to PHP

"Doing X in PHP is a bad idea"

"Well it's only a bad idea if done by unskilled developers"

This is not necessarily a PHP issue. The fact that it's been improved apon by a better library speaks to how powerful php is even with the given native methods.

openssl_public_encrypt() openssl_private_decrypt()

those methods have maintainers, if anything, the people working on this code did a disservice to the php community at large by setting poor default values.

"The only thing I know about public key encryption in PHP is that it sounds like a terrible idea. Am I wrong?" Rhetoric statement. "Yes, you are wrong"

Go write your own C encryption library, doing it yourself, probably an insanely bad idea. But would you call C a shitty language? I bet yes, but everything is written in it that you use everyday. If it's not written in it directly, it's indirectly supported by it in atleast 2-3 different ways. PHP uses C libraries for everything, try compiling any bit of php w/o the native methods their api's provide, nothing will work.

> This is not necessarily a PHP issue.

> the people working on this code did a disservice to the php community at large by setting poor default values.

Those functions are part of PHP. So… you're contradicting yourself, surely?