On 21/02/2022 12:28, Jakub Zelenka wrote:
We can see that there are some valid use case for using crypt directly and we can also see that it's offered by other languages as well - e.g. Python: https://docs.python.org/3/library/crypt.html .
I think this is quite an important point: if crypt() worked with some wacky homebrew format that only PHP understood, then planning to remove it would make sense. But since we don't have control over applications *outside* PHP, providing the low-level function that interoperates with them, and is hard to implement in userland, seems useful.
If updating the manual isn't enough, we could make more aggressive changes short of removal, such as renaming "CRYPT_MD5" to "CRYPT_INSECURE_MD5" and so on.
Incidentally, does the function now support Argon hashes, or are they implemented separately in the password functions?
Regards, -- Rowan Tommins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
