This actually makes PHP the first language, over Erlang and Go, to get a secure crypto library in its core.
Of course, having the ability doesn’t necessarily mean it gets used properly by developers, but this is a major step forward.
The vote for the Libsodium RFC has been closed. The final tally is 37 yes, 0 no.
I’ll begin working on the implementation with the desired API (sodium_* instead of \Sodium\*).
Thank you to everyone who participated in these discussions over the past year or so and, of course, everyone who voted for better cryptography in PHP 7.2.
Scott Arciszewski
Source: php.internals: [RFC][Vote] Libsodium vote closes; accepted (37-0)
As a reminder, the Libsodium RFC:
Title: PHP RFC: Make Libsodium a Core Extension
Libmcrypt hasn’t been touched in eight years (last release was in 2007), leaving openssl as the only viable option for PHP 5.x and 7.0 users.
Meanwhile, libsodium bindings have been available in PECL for a while now, and have reached stability.
Libsodium is a modern cryptography library that offers authenticated encryption, high-speed elliptic curve cryptography, and much more. Unlike other cryptography standards (which are a potluck of cryptography primitives; i.e. WebCrypto), libsodium is comprised of carefully selected algorithms implemented by security experts to avoid side-channel vulnerabilities.
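To make "authenticated encryption" concrete with the sodium_* naming mentioned above, here is an added example (not code from the RFC or from the mailing-list post) that seals a message with a secret key and rejects tampered or truncated input. It assumes PHP 7.2+ with the sodium extension loaded; the helper names seal() and open_sealed() are hypothetical, and the message is a constructed sample.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; only the sodium_* calls are PHP's own.
function seal(string $plaintext, string $key): string
{
    // A fresh random nonce per message: a nonce must never repeat under one key.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = sodium_crypto_secretbox($plaintext, $nonce, $key);
    // The nonce is not secret, so it travels in front of the ciphertext.
    return $nonce . $box;
}

function open_sealed(string $sealed, string $key): ?string
{
    // Anything shorter than nonce + authentication tag cannot be a valid message.
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($sealed) < $min) {
        return null;
    }
    $nonce = substr($sealed, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($sealed, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Returns false when the tag does not verify; nothing is decrypted in that case.
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

$key = sodium_crypto_secretbox_keygen();
$sealed = seal('constructed sample message', $key);

// Round trip with the right key and an unmodified message.
var_dump(open_sealed($sealed, $key));

// Flip one bit of the last byte: the authentication check must reject it.
$tampered = $sealed;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
var_dump(open_sealed($tampered, $key));

// Truncated input is rejected before any sodium call is made.
var_dump(open_sealed(substr($sealed, 0, 10), $key));

// Wipe the key from memory once it is no longer needed.
sodium_memzero($key);
```

Callers should treat a null return as a hard failure and never fall back to processing the raw input.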