> On Jul 25, 2024 at 6:02 PM, Nick Lockheart <li...@ageofdream.com> wrote:
>
> That's a good point. What if there were crypto functions that worked
> like password_hash() in that they had one generic function name, but
> magically used the new/better "best practice" algorithms as time went by
> without the need to update any calling code? Maybe there should be three
> generic-named functions:
>
> fast_hash() // not secure, makes UIDs quickly
> secure_hash() // uses best practice one-way hash algo
> secure_crypt() // uses best practice reversible encryption.
>
> Then the developer signals their *intent* by choosing a function name,
> and the algorithm magically works underneath (perhaps with the option of
> an ini override to make those functions work in different environments).

If those _were_ added, I would bikeshed their names to make sure their intent
was 100% clear:
 
insecure_hash() // not secure, makes UIDs quickly
 
secure_oneway_hash() // uses best practice one-way hash algo
 
secure_reversible_hash() // uses best practice reversible encryption.
 

 
-Mike
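
How password_hash(), the model for the proposal quoted above, keeps calling code free of algorithm names: the stored string records its own algorithm and parameters, so old hashes still verify and can be upgraded at login. This is an added example, not code from either poster or from the PHP project; check_login() and the sample password are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: a hash created with a deliberately low bcrypt cost,
// standing in for a record written under an older "best practice".
$stored = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 8]);

/**
 * Hypothetical login helper (the name is an assumption for this example).
 * It never names an algorithm: PASSWORD_DEFAULT is whatever the running
 * PHP version currently treats as its default.
 */
function check_login(string $password, string $storedHash): array
{
    // password_verify() reads the algorithm, cost and salt out of the
    // stored string itself, so hashes made under older defaults still work.
    if (!password_verify($password, $storedHash)) {
        return ['ok' => false, 'hash' => $storedHash, 'upgraded' => false];
    }

    // If the stored parameters no longer match the current default,
    // re-hash while the plaintext is available and hand back the new value
    // for the caller to persist.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        return ['ok' => true, 'hash' => $newHash, 'upgraded' => true];
    }

    return ['ok' => true, 'hash' => $storedHash, 'upgraded' => false];
}

// Print the algorithm name and options embedded in a hash string.
function describe(string $hash): string
{
    $info = password_get_info($hash);
    return $info['algoName'] . ' ' . json_encode($info['options']);
}

echo 'stored:   ', describe($stored), PHP_EOL;

$good = check_login('correct horse', $stored);
echo 'login ok: ', var_export($good['ok'], true),
     ', upgraded: ', var_export($good['upgraded'], true), PHP_EOL;
echo 'now:      ', describe($good['hash']), PHP_EOL;

$bad = check_login('wrong guess', $stored);
echo 'bad pw:   ', var_export($bad['ok'], true), PHP_EOL;
```

This works because the output is self-describing; a plain digest function that silently switched algorithms would produce values that no longer compare equal to digests stored before the switch.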
 
 
     
