A good article overall, and looks like it could be a good class - perhaps for a project I'm working with.
However, a couple statements in this article are unclear - if not misleading, which makes me wonder about the class itself.
First, you say "If this encryption algorithm ever becomes compromised, the class will default to a newer and stronger algorithm." That sounds 'wonderful', yet also 'mystical' (just where/how does the class 'know' the algorithm became compromised? does it poll a server/service somewhere? is that secure, or leaking my data??)
Then, you state "...new data you encrypt will automatically gain the use of the latest in crypto ciphers. All you will need to do is update your PHP Simple Encryption library." - oh, then what happened to the "default to a newer and stronger" bit??? and, where is that "automatically" part if I have to update the library???
The text simply is not clear, and as I said, I feel it is a bit misleading (or perhaps 'salesy' is a better term.... :)
John Conde - 2020-06-19 14:35:08 - In reply to message 1 from Sam Spickle
Reading your comments it seems you are making an assumption that the library will automagically do all of these things for us. That obviously is not the case.
When a default cipher is deemed no longer safe, or a better alternative comes along, the library will be updated to use a new cipher as the default cipher. This takes the onus of keeping abreast of the state of encryption out of the hands of users of this library, which is the point as this library is designed to help solve the problem of developers using encryption without actually understanding it.
Changing ciphers means users of the library will need to update their code to handle encrypted data that uses different ciphers, assuming they choose to always use the default. Of course they can continue to use the former default cipher for as long as they choose simply by explicitly declaring it when creating the encryption object.
If they wish to update their encrypted data to use the new cipher they can do so either through a script or incrementally as the data is accessed by their system.
Either way software maintenance is part of the technical debt every application incurs simply by existing.
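The incremental migration described in the reply above, as an added example that is not part of the thread and not the PHP Simple Encryption library's own code. It calls PHP's openssl extension directly; the cipher names (with `aes-128-gcm` standing in for a former default), the `cipher$base64` record format and all function names are assumptions made for illustration.

```php
<?php
// Added illustration using ext-openssl directly; not the library's API.
const DEFAULT_CIPHER = 'aes-256-gcm';                          // assumed current default
const KEY_BYTES = ['aes-128-gcm' => 16, 'aes-256-gcm' => 32];  // ciphers still accepted

function cipherKey(string $master, string $cipher): string {
    // One derived key per cipher, sized for that cipher.
    return hash_hkdf('sha256', $master, KEY_BYTES[$cipher], 'enc:' . $cipher);
}

function sealRecord(string $plain, string $master, string $cipher = DEFAULT_CIPHER): string {
    $iv = random_bytes(12);
    $tag = '';
    // The cipher name is passed as AAD so the stored label cannot be swapped.
    $ct = openssl_encrypt($plain, $cipher, cipherKey($master, $cipher),
        OPENSSL_RAW_DATA, $iv, $tag, $cipher);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $cipher . '$' . base64_encode($iv . $tag . $ct);
}

function openRecord(string $stored, string $master): array {
    [$cipher, $b64] = explode('$', $stored, 2) + [null, null];
    $raw = base64_decode((string) $b64, true);
    if (!array_key_exists($cipher, KEY_BYTES) || $raw === false || strlen($raw) < 28) {
        throw new RuntimeException('unknown cipher or malformed record');
    }
    $plain = openssl_decrypt((string) substr($raw, 28), $cipher, cipherKey($master, $cipher),
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16), $cipher);
    if ($plain === false) {
        throw new RuntimeException('authentication failed');
    }
    return [$plain, $cipher !== DEFAULT_CIPHER]; // second value: record is on an old cipher
}

function readAndUpgrade(array &$row, string $master): string {
    [$plain, $stale] = openRecord($row['secret'], $master);
    if ($stale) {
        $row['secret'] = sealRecord($plain, $master); // re-encrypt under the current default
    }
    return $plain;
}

// Constructed sample: one row written under the assumed former default.
$master = random_bytes(32);
$row = ['id' => 1, 'secret' => sealRecord('sample value', $master, 'aes-128-gcm')];
echo readAndUpgrade($row, $master), "\n";     // plaintext read back
echo explode('$', $row['secret'])[0], "\n";   // cipher label now stored with the row
```

Storing the cipher name with each record is what lets old and new ciphertexts coexist during the migration; in a real application the updated `$row` would be written back to the database in the same request.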