February 22, 2017 By Larry Loeb 2 min read

Many developers consider the Libsodium library the go-to source of application-layer cryptography. It is thought to offer a portable, cross-compilable, easy-to-use library that can be applied to most standard crypto functions such as encryption, decryption, signatures and password hashing.

Now, the PHP core will be bound with the Libsodium cryptography libraries as of version 7.2. This merger is scheduled to emerge toward the end of this year, Bleeping Computer reported.

SHP Problems

The impetus for the change involved a new kind of environment that PHP — which powers at least 82 percent of websites, according to Bleeping Computer — encountered when running the WordPress content management system (CMS). Researchers have found numerous WordPress vulnerabilities of late, and the solution usually includes another PHP extension that functions as a CMS security-oriented extension.

However, problems can arise when using a shared host provider (SHP) rather than kind that provides root access in the cloud by default. SHPs do not want all sorts of PHP extensions roaming throughout their systems because if PHP breaks breaks something, they have to clean up the resulting mess. These limitations could lead to unsecured WordPress environments.

Libsodium Boosts Security

Scott Arciszewski, chief development officer at Paragon Initiative Enterprises, told Bleeping Computer that having all the raw, cryptographical goodness of Libsodium under the hood of PHP will have many salutary effects.

For example, he believes that Libsodium can eliminate the need for the number of PHP extensions otherwise required for a WordPress installation. The basic and secure cryptography, he reasoned, would be supported by default, and WordPress developers will be attracted to the newer and more secure functions.

Arciszewski further explained his reasoning on the Paragon Initiative blog. There he added that PHP’s commitment to cryptography is the first of its kind, and any future developments or similar relationships should only enhance security.

It remains to be seen whether adding Libsodium to PHP will increase the use of cryptography tools and result in more concrete security. However, it’s a step in the right direction for sure.

More from

Taking the complexity out of identity solutions for hybrid environments

4 min read - For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to realize that this ultimate goal is a fantasy. Instead, businesses must learn how to consistently and effectively manage user identities across multiple IAM platforms and directories. As cloud migration and digital transformation accelerate at a dizzying pace, enterprises are left…

IBM identifies zero-day vulnerability in Zyxel NAS devices

12 min read - While investigating CVE-2023-27992, a vulnerability affecting Zyxel network-attached storage (NAS) devices, the IBM X-Force uncovered two new flaws, which when used together, allow for pre-authenticated remote code execution. Zyxel NAS devices are typically used by consumers as cloud storage devices for homes or small to medium-sized businesses. When used together, the flaws X-Force discovered allow a remote attacker to execute arbitrary code on the device with superuser permissions and without requiring any credentials. This results in complete control over the…

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything. But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists…

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today