Skip to content

Instantly share code, notes, and snippets.

View paragonie-scott's full-sized avatar

Scott paragonie-scott

View GitHub Profile
paragonie-scott / composer.diff
Created April 16, 2015 02:34
diff --git a/tmp/phr_471Znr/vendor/autoload.php b/tmp/phr_6bTGzo/vendor/autoload.php
index 46c0c70..65ab5cb 100644
--- a/tmp/phr_471Znr/vendor/autoload.php
+++ b/tmp/phr_6bTGzo/vendor/autoload.php
@@ -4,4 +4,4 @@
require_once __DIR__ . '/composer' . '/autoload_real.php';
-return ComposerAutoloaderInit0d991f5b8a84042e16cf24b4b1b48953::getLoader();
+return ComposerAutoloaderInit6ccd5a50ed5df4dc5993d5b375e26928::getLoader();
paragonie-scott / Asymmetric.php
Last active August 29, 2015 14:21
Crypto API
namespace Cryptography;
class Asymmetric
// Let's not let users hang themselves; if we need more padding options let's add them later
const PAD_DEFAULT = 0;
const DRIVER_OPENSSL = 'openssl';
const DRIVER_SODIUM = 'libsodium';
paragonie-scott /
Created May 22, 2015 19:16
Paragon Initiative Enterprises - Open Source Projects in Development Queue
  • JSON -> Content-Security-Policy header compiler for Apache and nginx configurations
paragonie-scott / 32bitadd.php
Last active March 26, 2017 14:06
Add two integers modulo 2^32 on a 32-bit system
* Since integers in 32-bit PHP 5.x are signed, exclusively, this only goes up to 2147483647
function add_32bit($intA, $intB)
if (!is_int($intA) || !is_int($intB)) {
return false;
paragonie-scott /
Created June 7, 2015 19:20
On the Industry

This is just a collection of thoughts and feelings about the technology industry and guidelines I feel should be upheld.

Public Speaking

Don't Present Original Research at Expensive Events

If a minimum wage employee cannot reasonably afford to attend an event (e.g. saving $300 for DEFCON is probably the upper limit), original research should NOT be presented at that event.

Presenting cutting-edge ideas to the wealthy only serves to insulate the fat cats from the disruptions of the poor. There are plenty of other researchers that hunger for career progression that will serve the whims and aims of the upper class that can afford to drop several thousand dollars on a technology conference.

paragonie-scott /
Last active April 21, 2024 23:48
An Open Letter to Developers Everywhere (About Cryptography)
paragonie-scott /
Last active March 26, 2017 14:04
Don't use the OWASP PHP Crypto Library
paragonie-scott /
Created November 28, 2015 19:13
Why does Scott seem so self-promoting?

This is my formal response to variations of the question, Why do you always link to in your technical discussions? which some people have asked (or implied while accusing me of being up to no good).

The short answer is because I always try link to the most relevant answer I can provide to a specific technical question, and the most relevant way to introduce a point I'm about to make is usually a blog post that I've already written.

But more importantly, I stand by everything written on that website. If a blog post doesn't line up with my current understanding of security engineering, cryptography, and the art/science of web development in PHP, I'll go back and change the post to keep it in line with new information.

Many of the blog points explain, in significant detail, a technical matter that I don't feel like reiterating every time someone is about to make the same mistake that the community has already learned from.

Typically, when someone makes this accusati

paragonie-scott /
Last active February 2, 2016 01:25
LOL Entropy Estimates

Okay, let's say you have:

  • A password that consists of a single unknown character repeated an unknown number of times.
  • A strong password hashing algorithm that doesn't impose an upper limit on length.

How hard is your incredibly unwise passphrase for a cracker to guess?

First, you have to know which character it is. If we go with printable ASCII characters, that gives us 94 possibilities.

However, if we stretch the alphabet out to include all UTF-8 codepoints, you get 1,112,064 possible values.