On 2024-07-24 15:58, Peter Stalman wrote:
On Mon, Jul 22, 2024 at 9:06 AM Derick Rethans <der...@php.net
<mailto:der...@php.net>> wrote:
- Deprecate md5(), sha1(), md5_file(), and sha1_file() (just says
"large
impact")
About 1.2 million.
https://github.com/search?q=%28md5+OR+md5_file+OR+sha1+OR+sha1_file%29+language%3APHP+&type=code
<https://github.com/search?q=%28md5+OR+md5_file+OR+sha1+OR+sha1_file%29+language%3APHP+&type=code>
On the other hand, who will be impacted by these deprecations?
Potentially everyone, as these are included in many projects and in many
vendor packages. It's busy work for the people who aren't affected.
Sure, eventually, it will all be sorted out as CI warnings slowly
subside because of this.
Reasons such as GIT and most cloud storages using these functions should
be enough to spare them. Example: https://rclone.org/overview/
<https://rclone.org/overview/>
The point is that there are several reasons in 2024 to use md5 and sha1.
Granted hashing passwords isn't one, but we're past that as a community
already. And for the few that aren't, I'd argue there is no saving.
And they would still be available as hash("md5") and hash("sha1"); the
only reason they're called out as their own distinct functions today is
historical inertia.
