Laravel encryption algorithm
#53606
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
-
Laravel Version
11
PHP Version
8.3
Database Driver & Version
No response
Description
This is not a bug; it’s just a question/suggestion.
Why is Laravel still using OpenSSL for encryption/decryption? PHP 7.2 introduced the Sodium extension, which provides a simpler, more modern, and secure way to handle encryption. With Laravel 11 requiring PHP 8.1 as the minimum version, it seems like a great opportunity to introduce Sodium as an option for encryption.
Suggestion:
Laravel 11: Add Sodium as an optional encryption engine, allowing developers to start using it right away.
Laravel 12+: Make Sodium the default encryption engine, while still keeping OpenSSL as a fallback for backward compatibility.
Modern API: Sodium offers a simpler and less error-prone interface compared to OpenSSL.
Security: Sodium is designed with modern cryptographic best practices in mind and is less prone to misuse.
Performance: Sodium is optimized for modern hardware and provides better performance in many scenarios.
If this suggestion is given the green light, I’d be happy to prepare a pull request to add Sodium support to Laravel. Please let me know your thoughts or if there’s already a roadmap for this feature.
Steps To Reproduce
no need to reproduce. It's not a bug (see description)
Beta Was this translation helpful? Give feedback.
All reactions