PowerKiKi
commented
6 years ago Thanks for the contribution, it seems to be a good start.
But I think we need to go all the way and drop mcrypt entirely. Using one or the other conditionally make it dangerous when run via a web server, or run via CLI. I've seen first hand that it is too easy to mess up server configuration and end up running CLI with a different PHP version than the web. This would lead to hard to debug issues.
Also we should either figure out a way to migrate existing data, or declare this change as breaking and instruct users to re-configure their passwords.
Finally unit tests may have to be adapted. At first you can easily fix the code style issues with ./vendor/bin/php-cs-fixer fix.
Using openssl for PHP versions 7.2 and higher since mcrypt was removed for those.