CodeIgniter Forums
subpar encryption routines - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: subpar encryption routines (/thread-23264.html)



subpar encryption routines - El Forum - 10-05-2009

[eluser]Unknown[/eluser]
Re: http://ellislab.com/codeigniter/user-guide/libraries/encryption.html

CodeIgniter includes a reimplementation of sha1, auspiciously for backwards compatibility, which I think is noble endeavor. Problem is, if anything needs a backwards compatibility layer, it's not sha1 - it's the encryption routines. Per the Server Requirements, CodeIgniter requires PHP 4.3.2. sha1() has been included in PHP since PHP 4.3. mcrypt, however, has not. Indeed, mcrypt has never been included in PHP by default. It's only ever been available by extension and not all hosts have the mcrypt extension installed.

There are pure-PHP encryption algorithms that CodeIgniter can make use of for maximum compatibility. Here's one I've been using, as of late:

http://phpseclib.sourceforge.net/

It's the fastest pure-PHP implementation around, per this:

http://phpseclib.sourceforge.net/documentation/crypt.html#crypt_aes_benchmarks

Now, I could just use CodeIgniter and phpseclib in tandem, but I'd just assume minimize the number of libraries that I'm using. Also, if CodeIgniter is going to enable some functionality, it ought to do it well - users shouldn't have to do Google searches to make sure that CodeIgniter's implementation is the best one available - it should just be the best implementation available from the get go. For many use cases it is, but still... I think it could do better.