
The Note You're Voting On

security at paragonie dot com
9 years ago
We can't guarantee that RSA will still be trusted for security in 2016, but this is the current best practice for RSA. The rest of the world is moving on to ECDH and EdDSA (e.g. Ed25519).

That said, make sure you are using OPENSSL_PKCS1_OAEP_PADDING or else you're vulnerable to a chosen-ciphertext attack (Google: "Daniel Bleichenbacher 1998 RSA padding oracle" and you'll find plenty of material on it.)

The only fix is to use OAEP (preferably with MGF1-SHA256, but this function doesn't let you specify that detail and defaults to MGF1+SHA1).

Phpseclib offers RSAES-OAEP + MGF1-SHA256 for encryption and RSASSA-PSS + MGF1-SHA256 for signatures.

http://phpseclib.sourceforge.net/rsa/examples.html#encrypt,enc1

If you don't want to hassle with these details yourself, check out https://github.com/paragonie/EasyRSA
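
The padding choice described in the note above, as an added example that is not part of the original note or of the PHP manual: two wrappers around `openssl_public_encrypt()` / `openssl_private_decrypt()` that only ever use `OPENSSL_PKCS1_OAEP_PADDING`, and a check that a PKCS#1 v1.5 ciphertext is refused. The function names `rsaOaepEncrypt` and `rsaOaepDecrypt`, the throwaway key and the sample message are constructed for illustration; PHP 8 with ext/openssl is assumed.

```php
<?php
declare(strict_types=1);

// OAEP with SHA-1 (the digest the note says this function uses) costs 2*20 + 2 bytes.
const OAEP_SHA1_OVERHEAD = 42;

// Hypothetical helper: encrypt with OAEP only, never the PKCS#1 v1.5 padding.
function rsaOaepEncrypt(string $plaintext, string $publicKeyPem): string
{
    $key = openssl_pkey_get_public($publicKeyPem);
    if ($key === false) {
        throw new RuntimeException('Invalid public key');
    }
    // RSA encrypts at most (modulus size - padding overhead) bytes in one operation.
    $modulusBytes = intdiv(openssl_pkey_get_details($key)['bits'], 8);
    if (strlen($plaintext) > $modulusBytes - OAEP_SHA1_OVERHEAD) {
        throw new LengthException('Plaintext too long for RSA-OAEP with this key');
    }
    if (!openssl_public_encrypt($plaintext, $ciphertext, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('Encryption failed');
    }
    return $ciphertext;
}

// Hypothetical helper: decrypt with OAEP only and report every failure the same way,
// so the caller cannot turn error differences into a padding oracle.
function rsaOaepDecrypt(string $ciphertext, string $privateKeyPem): string
{
    if (!openssl_private_decrypt($ciphertext, $plaintext, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('Decryption failed');
    }
    return $plaintext;
}

// Constructed demo: a throwaway 2048-bit key generated in-process.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];

$ciphertext = rsaOaepEncrypt('constructed sample message', $publicPem);
var_dump(rsaOaepDecrypt($ciphertext, $privatePem) === 'constructed sample message');

// A ciphertext produced with PKCS#1 v1.5 padding must not be accepted by the OAEP path.
openssl_public_encrypt('constructed sample message', $legacy, $publicPem, OPENSSL_PKCS1_PADDING);
try {
    rsaOaepDecrypt($legacy, $privatePem);
} catch (RuntimeException $e) {
    echo "PKCS#1 v1.5 ciphertext rejected\n";
}
```

The length check also shows why RSA is normally used only to wrap a short symmetric key rather than to encrypt the message itself.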
