From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id A3973138334 for ; Sat, 4 Aug 2018 15:26:06 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5DF57E0805; Sat, 4 Aug 2018 15:26:02 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E720BE07F6 for ; Sat, 4 Aug 2018 15:26:01 +0000 (UTC) Received: from [IPv6:2001:4dd7:b476:0:e15b:6639:f53c:611b] (2001-4dd7-b476-0-e15b-6639-f53c-611b.ipv6dyn.netcologne.de [IPv6:2001:4dd7:b476:0:e15b:6639:f53c:611b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: whissi) by smtp.gentoo.org (Postfix) with ESMTPSA id 91ABE335C9B for ; Sat, 4 Aug 2018 15:25:59 +0000 (UTC) Subject: Re: mcrypt status (Re: [gentoo-dev] Idea for a new project: gentoo-libs) To: gentoo-dev@lists.gentoo.org References: <20180623025046.djmsv44moxuqkv6t@proprietary-killer> <20180625075947.03bd4875@computer> <20180804114328.d4b31c885eba7cb98a1b5fd2@gentoo.org> <20180804072947.1f9ac221@computer> From: Thomas Deutschmann Openpgp: preference=signencrypt Autocrypt: addr=whissi@gentoo.org; prefer-encrypt=mutual; keydata= xsFNBFc4iggBEACg/drq2pkXyE0mO7cqfaH5UX9D2A8uaBWHcgVPZdf+bVlc7gT1b/TJgFBO yCecB1j9ReWWAE55nwraFL7+5XofRnwVzC3PglN/M/F02fudCeEkFfDtH65DZ67LV0QqXOZ7 e2aqD1NxJM1ydcehIoxgESiv8ctMCcb5Jui2A7vddxEBouQqJKDVqXqANEiBrtd0x4+noRC3 07BN80SgUiwuSJp8Y9+LSdKWGxiDxFAQygDlLWu1QIOg2PUjrM1ZtKCii8IcbnhsEPZj0jcQ f/omIHaksyfMdx6lHfSUZzzLQm41nhWlgYUxzW4D8Nh+ka51FIIWRWwNJTXQNpU8s32AT+rr K2hyNY0F+hnCRc0gUJtAACPZYNYNMlTCIb5yLKo5qoRKcHkAI3vAPEsPO8nmpYaxhI+9PwWJ 9BMaOZ0PjN5P5p0ierOd3yjuu0CIx+yirAvZMZYLx3HylFmuIke5GfcfzTuZhgRL1yoaftCH B0zTc1Rmfgk5dLOPeApgH4E8k3K7OIagzpMXjPsyvdBdI2z/j8unZNvPT5uMCAA9yP7TxijH JeNa6MZyDebzfF+QTK1tOL5pWZolCFKOULHIWK9nX2B3/JJ4r7+5wUmob5UCjKCxjK9xunY5 8TzbpaV517MaLVk1kYuFRptqwRYRJ45l1+qcYwkhUcC+qg06PQARAQABzStUaG9tYXMgRGV1 dHNjaG1hbm4gPHRob21hc0BkZXV0c2NobWFubi5iaXo+wsGABBMBCgAqAhsAAh4BAheABQkH hiUCBQsJCAcDBRUKCQgLBRYDAgEABQJXOfYKAhkBAAoJEFhJfuUdXXSlwnQQAIDi4tsMwzw5 ZY3wSs+E6c37W6i2WGgHvN6MOCxR6qthV3fVL3Q4E4EV8DoGHLLA8rs/OYbJs1aSxF8Omlys +sFiVysrMz1NNL7MGbZ/Ov1CpQqRH+6LFzVVcf3dBGqsI3kXg9aUNw2zETIj0ZyCb+VKZ3yC 1DOVFlmGjaH3DtPCJrfEGfcaweFyn2Azljaot9Dg0ExzmAqwohESQNCfSBYhUC0Mc0HiRtzd 1pTIVSmFDTToztnofsLrkMpciNGaj6D7Mm1hZpI41K4IQ6ZKcJDtWduisYNzgafVWvxtGhpY oAVWmO353WafGpbeoP6IVbHQhIcS1JuN1Sn+lM4QtV0GgSgL5j3OtKmRKNiAcZpHX800TX2V 8yUZN3dj2PMU7fzdnVM0MXNwAvOdcckco5zVExn3OHfTxyrUIyEysj01EKCQdZerWjRLnQ7B QR4ff851B+Sl92tVMPBch8WYVZNTwDzsqzKROAe2UnOCTQoVY7OXh6gRblqGuzllMyQ2bZUP V5XLKDpmysb/y43QKSY5aeO8SOKOv+b8kWAXSKzzXnteErhKeAlDm1PKuAfkjq4swOe3nci4 r1r34Ss03Xgt3cJ6Ep3K87qjlLLDwRVyGEgyDiDItHdyEyLGA44pmWLAJzttHMSt3d9/FsTI 2jwwH9GRFg3oMS9PsEURYIU8zsFNBFc4ixMBEADHHlLOkftcSY+jWd9Vb3uHpPGIpztqU/jd 4mPZvrQGIlZYMO+uGtJuDQVdohQHugNvvnr9hfBYDGlhyAYlRIGkFLdZbsim+An+FGr5+f/P tHikILc0X+FbO8bAc0OjNfUlFaTXeKdEBTtdNiO+0WYWw8CtgTEpng+178q4UnTBae1QiBh5 3YmW0H4t8HQEN/NDuVXEREQXwOtJcP9fxDVdP/ynwHbGajx+qbWaQhcHo57XXIsojH5XoEr9 yvviQW6F2tzp/i88YQ1snTVI0G39TzQO2EJbSQpYUptI0PGSUlMbkm4i46XHFO0q15aQSfAg Eh5NWWzwVel7qDO1YmXb49nhg60MmceAhk+1VGxpuA3RNl6hebYzYdQplDo8EJp1MCt+Z4Lt /tzb+smTFRMyE80QzehOSyvIWCSoGmWY4Njc90AV/P/hSXYQqbuRb3sB3PlPGda7ZwPsoh2A WZU331jeBWwB9YnUJFXP4jGbnpXjHO3+RkRL2A39ZzFki751sPpC3jv0sxJhLBOkJlC+VI/7 t5ODzWElimA8Py1VmZfd2C9eBHYU4Eeay1EN7nl75Hsj2436dH9O45uIl838KNXWd4S+7/P5 NqWir9HjnhQwbaLZdJwJKjzDE9u4JvnAP0gmkqYIaNSAM9WfCA11LavNKJjaJNCc4Zkr2+w4 OQARAQABwsF8BBgBCgAmAhsMFiEExN1pX6cTjyQqoVY4WEl+5R1ddKUFAlrJMcoFCQWj8zcA CgkQWEl+5R1ddKW+Qw/+O/saVmYgBdWDc6Y2BzaOA3kRwixAGjMU2VMO5WifG2WkA1zd0kcY 1nR5XKosu/yLWX1WWde8Wh57BDD418JYMSnNyG976OXAeAgWuzmn+xtM8Tw2bHHCNVfCEqBl yS+lAdrXR3kIiJ/Ebr5EogsEZvVW9gowPoNIrzeXFYKqGGVc5Z4dQDgVRq7jgta6LJgOVYdP z6mrLTdjo4lIlC7U/w/dPBWUd0sn8XmtU5vbAfvgf9dfZtXGYnyI64EGr6I6oVyFj8QO/Ffo G/r+glBettColfcT7IiHUMb9i11Sd/FPsL/0EIHWG+a4JTg3QzAODMHF14BLpuqDElV5HlzX e9LafsH45PH/EvAxCNuOj6P1E4bPOHwD0Fhgia7YXi2OJVes9hWy8IrEgwUEDQQIFtECxdFa nkWlKiYyb9v+nqrjtugh6s6OicvAhnvhESky/QSr747tEnOAFTNYXXtz1BRvTu/tcyBK0m51 jW1Gwax+9ooGCnNEF2KknaW/NyLo4mFdvSOJOehcwOHn73G04GHSQSs6+f8Oy7GOriQCdwao aGduFUuKKOR05r5tstZHpuIW9mlL44LXzGQEEt6INpS0ha2XD28+ojXko2hPt7YgbTqOsFnT 34feWglZ58mWE7UyHEVXYeMIWqtQptgCf5fNc36jGay6gt0aLFlgy48= Organization: Gentoo Foundation, Inc Message-ID: <51640609-03ec-852c-3799-878ba7ce12ca@gentoo.org> Date: Sat, 4 Aug 2018 17:25:50 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Thunderbird/52.9.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <20180804072947.1f9ac221@computer> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="bJ8wjxX5WNASUcuXhOuxWS2xuMREvBHLg" X-Archives-Salt: b0e17431-e551-4469-9267-19dd93c7e43a X-Archives-Hash: e3e9194cb7c0b14b3a1213c27fae64d4 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --bJ8wjxX5WNASUcuXhOuxWS2xuMREvBHLg Content-Type: multipart/mixed; boundary="fjjv2ONK0OIubOjE43PJLOefAb8FxF7tc"; protected-headers="v1" From: Thomas Deutschmann To: gentoo-dev@lists.gentoo.org Message-ID: <51640609-03ec-852c-3799-878ba7ce12ca@gentoo.org> Subject: Re: mcrypt status (Re: [gentoo-dev] Idea for a new project: gentoo-libs) References: <20180623025046.djmsv44moxuqkv6t@proprietary-killer> <20180625075947.03bd4875@computer> <20180804114328.d4b31c885eba7cb98a1b5fd2@gentoo.org> <20180804072947.1f9ac221@computer> In-Reply-To: <20180804072947.1f9ac221@computer> --fjjv2ONK0OIubOjE43PJLOefAb8FxF7tc Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2018-08-04 16:29, Hanno B=C3=B6ck wrote: >> Do you have any evidence that mcrypt should not be used? > Well, PHP was as far as I'm aware its main user and PHP has declared > mcrypt support to be deprecated a while ago. In all fairness: Yes, PHP project has removed ext/mcrypt from core, but they only moved it into an own PECL extension. My point here is, that they did not drop and prune mcrypt from universe due to security vulnerabilities. Anyone interested in this should read the following posting [1]. tl;dr Like most crypto libs, mcrypt isn't easy to use and you will likely do something wrong. In favor of a better solutions which should prevent such a misuse, mcrypt was deprecated. See also: =3D=3D=3D=3D=3D=3D=3D=3D=3D [1] https://why-cant-we-have-nice-things.mwl.be/requests/deprecate-then-r= emove-mcrypt. --=20 Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 --fjjv2ONK0OIubOjE43PJLOefAb8FxF7tc-- --bJ8wjxX5WNASUcuXhOuxWS2xuMREvBHLg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQKTBAEBCgB9FiEEM8WEgsQCKS0uPFwGlwn5DDyW/8gFAltlxX5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMz QzU4NDgyQzQwMjI5MkQyRTNDNUMwNjk3MDlGOTBDM0M5NkZGQzgACgkQlwn5DDyW /8ha4w//b8oztJg+YkmW6q69DhyRmVv/Y0/fWRMGawu0zdbUdnsx6aiRyBxnEFp2 lLaKuOUJrWz7LNE/nyhgQTNNmTsb+oHK3WdByrYC5GuIJgp9ZJCITyj6NbxRy/wE WUiDYWtJ4l2HR9JI27Im0X6uqirihS33UhONgH3KlzC2oKDyIJAdns772Hxa6N9H c8oI0ntcm/SWDu46FYmzH+hQcjX3aE5QPU1IE33Vv7Fr/O6/uVbVp2R9egpeXAF6 Uhicz6yNIe63USQsSGNisetoT6Ghk3hukdKmL/m0chjhI73gFgzug37mqxt4Tw/f h46QE9re7nXA2sG46t83u9P8MVg5yqnUchnpDH3i4jIeCLPPmodgh8ACw4FvYxUf HyrEM5k1dwXPsvBeEYAJgQyedY4OIKgcIi4PBxbX6z+x9ZmmW/cqESo5P37FvMvT RkzcpyJCnsRNnvIzcz1gGXfGz39twFw9XGbLnUvwmkjDN5yRiz91gvBeeyMKlLsg 3EeN/1lFvvNe90tnPu8VGOKC0CoYL5k/nIDNXYi54fuzST0Fp4pCK1OT8LE/bp8D S0WAbEEw2eczSt5JUyz5nAOBMT6b8AYM/38P8fOe937kqz/kkG98MBDx5lX+oQHB TQuQDK+c5v6StUueccrqFTViil9fsEKJzVDOgzDXXQulDwwUIXs= =g33h -----END PGP SIGNATURE----- --bJ8wjxX5WNASUcuXhOuxWS2xuMREvBHLg--