I disagree. While MD5 and SHA1 might not be suitable for modern cryptographic operations, these functions might be needed for legacy situations -- e.g., munging through old data.
On Mon, Feb 10, 2020 at 1:50 PM Tom Van Looy via internals < internals@lists.php.net> wrote: > Hi > > While in some environments the use of MD5 and SHA1 are still acceptable for > some use cases like file integrity verification etc. the use of these > algorithms should be discouraged and not be your choice when developing new > applications. > > I suggest to deprecated the functions md5_file() and sha1_file(). This will > make people think about upgrading to a better alternative. If you still > need this functionality you can always switch to the hash_file() function. > > Carrying around these two dedicated functions seems a bit too much for a > modern PHP. What do you think? > > My feeling was that this is a no brainer. Should I open an RFC for this? > > Kind regards, > > Tom Van Looy >
