cancel
Showing results for 
Search instead for 
Did you mean: 

Consider dropping mcrypt dependency

0 Kudos

Consider dropping mcrypt dependency

Feature request from kabel, posted on GitHub Jul 10, 2015

The mcrypt php extension and the underlying libmcrypt are unmaintained and there is a strong effort to remove them from the PHP core. [1] [2]

This would be a good opportunity to port any password or data encryption to the better maintained openssl or password extensions.

4 Comments
Not applicable
Status changed to: Investigating
 
Not applicable

Comment from pronto2000, posted on GitHub Jul 10, 2015

Pretty much every payment method there uses Mcrypt. I don't think there's a way to get rid of it that easily.

Not applicable

Comment from kabel, posted on GitHub Jul 10, 2015

I'm fairly certain there isn't anything the Magento app is doing with mcrypt that couldn't be trivially ported to openssl.

Not applicable

Comment from piotrekkaminski, posted on GitHub Jul 10, 2015

We are aware of that, internal ticket MAGETWO-39838. As this is not scheduled yet, if someone wants to contribute the change as a pull request, we would appreciate that.

Do you have any recommendation which library should be used instead? If this is not PHP core functionality, it should be:

  • actively supported and stable
  • best if compatible/endorsed by Zend Framework/Symfony