Hi,

I would like to upload a new package for mysqlnd ed25519 authentication to
PECL.

Currently, PHP can only connect to MariaDB servers using the
mysql_native_password authentication plugin, which relies on SHA-1. SHA-1
is considered insecure, as noted in RFC 6194, 9155, 9157, NIST SP
800-131A, etc.

This module provides an authentication plugin (ed25519) that uses libsodium
for authentication, allowing PHP clients to authenticate against MariaDB
servers using Ed25519 instead of SHA-1.

The new package, mysqlnd_ed25519, is currently hosted here:
https://github.com/9EOR9/mysqlnd_ed25519.git

Support for the MariaDB PARSEC authentication plugin is also planned.
However, implementing it requires additional round trips, and the current
mysqlnd plugin API does not seem to support multiple round trips without
accessing mysqlnd’s internal functions. If anyone has experience
implementing a mysqlnd authentication plugin that requires extra round
trips, I would greatly appreciate advice or examples.

Please let me know if there are any objections to uploading this to PECL or
if you have questions or suggestions.

About me:

I am a member of MariaDB’s Connector team and a retired author/maintainer
of PHP’s mysql, mysqli, mysqlnd, and ncurses extensions, as well as a
retired member of the PHP documentation team.

Best regards,
Georg Richter

-- 
Georg Richter, Staff Software Engineer
Client Connectivity
MariaDB Corporation Ab
