If you are wondering where the data of this site comes from, please visit https://api.github.com/users/paragonie-scott/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Scott paragonie-scott Paragon Initiative Enterprises Orlando, FL https://paragonie.com Residing at the intersection of PHP, security, cryptography, and open source software. CDO @ParagonIE. https://twitter.com/CiPHPerCoder

defuse/php-encryption 3280

Simple Encryption in PHP.

adamcaudill/libsodium-net 334

libsodium for .NET - A secure cryptographic library

paragonie/argon2-refiner 21

Generate Parameter Recommendations for Argon2id in PHP 7.3+

paragonie-scott/asgard-client 11

The Authentic Software Guard

bikeshedders/crypto-best-practices 5

Living document that encapsulates the state of the art for modern cryptography, with point-in-time snapshots.

paragonie/monolog-quill 2

A Monolog Handler for writing to a Chronicle instance

orgBullshit/cryptoBullshit 1

Look at all this broken crypto!

paragonie-scott/aes-xgcm 1

AES-XGCM: extended nonce AES-GCM (proof of concept)

paragonie-scott/app 0

CakePHP 3.0 application template

fork oslerw/Squirrel.Windows

An installation and update framework for Windows desktop apps

fork in 17 minutes

delete branch paragonie/php-src

delete branch : ristretto255

delete time in a day

push event paragonie/php-src

Paragon Initiative Enterprises

commit sha 1ada95db77979621a44fb029add7b1df812c3884

Update UPGRADING to document sodium changes Also includes the UPGRADING changes for #6868

Paragon Initiative Enterprises

commit sha b7a6613b72151b017fa3cb9436b3cdebb89492c2

Implement suggested changes from Nikita's code review

push time in a day

release rollerworks/PasswordStrengthValidator

v1.3.3

released time in 2 days

issue comment paragonie/halite

Uncaught SodiumException (not possible to securely wipe memory)

Just an update: I've managed to install Libsodium extension by using WHM > Module Installers > PHP Pecl > Libsodium

Thanks.

This solution works for me. Thanks

udf2457

comment created time in 8 days

issue comment jedisct1/libsodium-php

run pecl install -f libsodium-1.0.7.tgz

And the current version is 2.0.25.

Version 1.0.x had a nice API but they are completely unsupported now.

jasonxiaoqin

comment created time in 9 days

issue comment jedisct1/libsodium-php

run pecl install -f libsodium-1.0.7.tgz

Hi,

Unfortunately I can't read the image. What does it say?

jasonxiaoqin

comment created time in 9 days

push event jedisct1/libsodium-php

P.I.E. Security Team

commit sha b3e4e917a13bd852c8d60ec162c6c1cfd716ff3f

Add ristretto255, fix build failure with xchacha20 (#212)

push time in 9 days

PR merged jedisct1/libsodium-php

Add ristretto255, fix build failure with xchacha20

Upstream PR: https://github.com/php/php-src/pull/6922

+745 -3

1 comment

6 changed files

paragonie-security

pr closed time in 9 days

pull request comment jedisct1/libsodium-php

Add ristretto255, fix build failure with xchacha20

Hey, this is great!

Thank you!

paragonie-security

comment created time in 9 days

push event paragonie/php-src

Paragon Initiative Enterprises

commit sha fbcb29501ad98397e23f654347aad20eea2faf7e

Expose libsodium's Ristretto255 API

push time in 10 days

push event paragonie/libsodium-php

Paragon Initiative Enterprises

commit sha 705b5ad684f8a96c8af01d974d01f9313ff6e870

Add unit tests for ristretto255

push time in 10 days

PR opened jedisct1/libsodium-php

Add ristretto255, fix build failure with xchacha20

Upstream PR: https://github.com/php/php-src/pull/6922

+604 -3

0 comment

4 changed files

pr created time in 10 days

create branch paragonie/libsodium-php

branch : ristretto255

created branch time in 10 days

push event paragonie/php-src

Paragon Initiative Enterprises

commit sha 3a2649b1742e5db4d8ec3a0a052421cbd86c3fa1

Expose libsodium's Ristretto255 API

push time in 10 days

push event paragonie/php-src

Paragon Initiative Enterprises

commit sha dad3abd21997ed103a06cb7cdeb221f10fbedfbc

Expose libsodium's Ristretto255 API

push time in 10 days

create branch paragonie/php-src

branch : ristretto255

created branch time in 11 days

push event paragonie/libsodium-php

Frank Denis

commit sha 27d7e1df6c2de0bb9cf5cfc7e2e5beb8dbff450a

Add version number to Argon2i strings

Frank Denis

commit sha baf090720c498a244a62147948f59dbe47a2b3d1

Update for crypto_pwhash() API change

Frank Denis

commit sha 770bd4ee45513f858b138951db987bafcc8b23a9

Change most E_ERROR to E_RECOVERABLE_ERROR

Frank Denis

commit sha d825a4d5cdb19ff2b90600e4eb86a6358ebb485a

Merge branch 'master' of https://github.com/jedisct1/libsodium-php * 'master' of https://github.com/jedisct1/libsodium-php: Update for crypto_pwhash() API change

Frank Denis

commit sha cf6f8c0b415b1a7a90b1e58204e767afff71bc87

Update the Argon2 format string

Frank Denis

commit sha 5f9d682a2e77315b803da1213ec062261476aeb7

Upcoming crypto_pwhash() API change

Frank Denis

commit sha 9c7962c3a125f355cb7e5b519cae2317018106fa

randombytes_buf(0) is fine

Frank Denis

commit sha f704175c589e3a4ead89d400f99b1f285bf83cc3

Add a test for randombytes_buf(0)

Frank Denis

commit sha 6f576fba4ab986aa4c66f5e74d9e69cc33e2cf3a

1.0.3

Remi Collet

commit sha c81b9e6e213d1157cd9d5ad2796b9e3f5d86bc35

fix skipif section

Frank Denis

commit sha 9446e7380ac4da9e21168587d4543eb84143cc6d

Merge pull request #90 from remicollet/master fix skipif section

Frank Denis

commit sha a2906ba220ca9d96d605f05d4f5ba8ae0771e4bd

Merge branch 'master' of https://github.com/jedisct1/libsodium-php * 'master' of https://github.com/jedisct1/libsodium-php: fix skipif section

Frank Denis

commit sha 3228fb6eb7cac5a1261208e416e63aacd4a969fc

1.0.4

Frank Denis

commit sha 63a820a915af64a0617143bb03c7518a61741b14

Add bindings for the IETF variant of Poly1305-ChaCha20

Frank Denis

commit sha 6edd2b4a69c0c3fdd56c0426a8ac9eac2eb582d3

Bypass the chacha20poly1305-ietf test on libsodium < 1.0.4

Frank Denis

commit sha 34c9e1f2594a535761b31f25c6b15af32f899935

1.0.5

Frank Denis

commit sha 59158e4ab184e40ae0163e6338928a9faadb5cd7

Fix pasto for pwhash constants

Frank Denis

commit sha ad69fbc8bd6f2f24cc41443637d2ad2400e4aeb4

1.0.6

Frank Denis

commit sha a2967c3caabd64219bdf774c9ea6031eb5a104b7

Delete RELEASE files

Frank Denis

commit sha f5ddf3b7fd956656a079563f999f73bb5ef5007b

Avoid calling `abort()` with huge messages and chacha20-ietf

push time in 11 days

PR opened paragonie/halite

Update README.md

Fix namespaces on README example

+2 -2

0 comment

1 changed file

pr created time in 12 days

created repository technion/IISBackdoorDetect

Detects IIS modules such as IIS-RAID

created time in 17 days

delete branch paragonie/php-src

delete branch : sodium-stream-xchacha20

delete time in 18 days

issue comment paragonie/hidden-string

Keep getting exception error

It probably helps if you understand the problem being solved here.

Take a look at this code:

<?php
$secret = bin2hex(random_bytes(32)); // SECRET

function doSomething(string $secret)
{
    throw new Exception("It failed :'(");
}

doSomething($secret);

This produces the following stack trace:

Fatal error: Uncaught Exception: It failed :'( in /in/4WAgA:7
Stack trace:
#0 /in/4WAgA(10): doSomething('e5f01ddbc5d08be...')
#1 {main}
  thrown in /in/4WAgA on line 7

Process exited with code 255.

Which leaks our $secret: #0 /in/4WAgA(10): doSomething('e5f01ddbc5d08be...') (result is truncated in 3v4l, not in all environments).

The purpose of HiddenString is to prevent this leakage. Thus, you would never do (new HiddenString(STRING DATA))->getString();

What you will do is instantiate it $foo = new HiddenString(STRING_DATA); and then pass $foo around. When you need to actually inspect the value of $foo (which could be, like, a database password), you invoke $foo->getString() there, and only there. Then you can also strictly type your code to use HiddenString everywhere else.

Yes I know... Switching off error will also prevent this...

But I don't want to do that...

The problem is that... When I am trying to decrypt the ciphertext I passed it like this...

Symmetric::decrypt(HiddenString(STRING DATA));

But I keep getting the error again... And again...

This HiddenString object cannot be inlined as a string....

In the previous version, no errors were given, but once I updated the library I started getting the error...

mitmelon

comment created time in 18 days

issue comment paragonie/hidden-string

Keep getting exception error

It probably helps if you understand the problem being solved here.

Take a look at this code:

<?php
$secret = bin2hex(random_bytes(32)); // SECRET

function doSomething(string $secret)
{
    throw new Exception("It failed :'(");
}

doSomething($secret);

This produces the following stack trace:

Fatal error: Uncaught Exception: It failed :'( in /in/4WAgA:7
Stack trace:
#0 /in/4WAgA(10): doSomething('e5f01ddbc5d08be...')
#1 {main}
  thrown in /in/4WAgA on line 7

Process exited with code 255.

Which leaks our $secret: #0 /in/4WAgA(10): doSomething('e5f01ddbc5d08be...') (result is truncated in 3v4l, not in all environments).

The purpose of HiddenString is to prevent this leakage. Thus, you would never do (new HiddenString(STRING DATA))->getString();

What you will do is instantiate it $foo = new HiddenString(STRING_DATA); and then pass $foo around. When you need to actually inspect the value of $foo (which could be, like, a database password), you invoke $foo->getString() there, and only there. Then you can also strictly type your code to use HiddenString everywhere else.

mitmelon

comment created time in 18 days
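
The wrapper pattern described in the comment above, as an added example (not part of the original comment and not the paragonie/hidden-string code). SecretBox, reveal(), connectRaw(), connectBoxed() and traceOf() are hypothetical names, and it assumes zend.exception_ignore_args is off (the PHP default) so that stack traces include call arguments.

```php
<?php
// Hypothetical stand-in for the wrapper idea; NOT the paragonie/hidden-string code.
final class SecretBox
{
    private string $value;
    public function __construct(string $value)
    {
        $this->value = $value;
    }
    // The single place where the plaintext leaves the object.
    public function reveal(): string
    {
        return $this->value;
    }
    // var_dump() and print_r() see a placeholder, not the property.
    public function __debugInfo(): array
    {
        return ['value' => '*redacted*'];
    }
}

function connectRaw(string $password): void
{
    throw new RuntimeException('connection failed');
}

function connectBoxed(SecretBox $password): void
{
    // A real caller would use $password->reveal() here, at the point of use only.
    throw new RuntimeException('connection failed');
}

function traceOf(callable $fn): string
{
    // Run $fn and return the stack trace of the exception it throws.
    try {
        $fn();
    } catch (RuntimeException $e) {
        return $e->getTraceAsString();
    }
    return '';
}

$secret = bin2hex(random_bytes(32)); // constructed sample secret
$prefix = substr($secret, 0, 15);    // traces truncate string arguments
$raw    = traceOf(fn() => connectRaw($secret));
$boxed  = traceOf(fn() => connectBoxed(new SecretBox($secret)));
var_dump(strpos($raw, $prefix) !== false);   // is the secret in the plain-string trace?
var_dump(strpos($boxed, $prefix) !== false); // is it in the trace of the wrapped call?
var_dump(new SecretBox($secret));            // shows the __debugInfo() placeholder
```

In the second trace the argument is rendered as Object(SecretBox), which is why passing the wrapper through every function signature keeps the value out of logged traces.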

issue comment paragonie/hidden-string

Keep getting exception error

Not sure if it makes sense to use it like this... I don't think you gain anything here.

mitmelon

comment created time in 18 days

issue comment paragonie/hidden-string

Keep getting exception error

It means you're not invoking getString() on the HiddenString object, but trying to e.g. print it directly.

The entire point of HiddenString is to prevent data from leaking via e.g. stack traces, or accidentally var_dumping its contents.

So in such a case it should be like this, right? (new HiddenString(STRING DATA))->getString();

If I am correct

mitmelon

comment created time in 18 days

pull request comment paragonie/hidden-string

Allow PHP 7.2

Version 1 of this package installs on 7.0+. Version 2 requires 7.4+.

See the release notes here. https://github.com/paragonie/hidden-string/releases/tag/v2.0.0

Nyholm

comment created time in 18 days

issue comment paragonie/hidden-string

Doesn't work when xdebug extension is enabled

Thanks for reporting this. Our clients don't use Xdebug in production, so we haven't encountered this problem.

nask0

comment created time in 18 days