On 2018-08-04 16:29, Hanno Böck wrote: >> Do you have any evidence that mcrypt should not be used? > Well, PHP was as far as I'm aware its main user and PHP has declared > mcrypt support to be deprecated a while ago.
In all fairness: Yes, PHP project has removed ext/mcrypt from core, but they only moved it into an own PECL extension. My point here is, that they did not drop and prune mcrypt from universe due to security vulnerabilities. Anyone interested in this should read the following posting [1]. tl;dr Like most crypto libs, mcrypt isn't easy to use and you will likely do something wrong. In favor of a better solutions which should prevent such a misuse, mcrypt was deprecated. See also: ========= [1] https://why-cant-we-have-nice-things.mwl.be/requests/deprecate-then-remove-mcrypt. -- Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
signature.asc
Description: OpenPGP digital signature
