On Fri, 26 Jul 2024, at 12:58, Tim Düsterhus wrote:
> I think you are expecting a little too much from a beginner that is
> following "the modern PHP tutorial" if you expect them to critically
> question whether the tutorial is actually good or not. They are likely
> already struggling with syntax and explaining the difference between
> "if" and "while". You wouldn't believe how often I've heard the term
> "if-Schleife" (if loop) in German.
I think you are expecting a little too much from a beginner if you think they
will see the message "md5() is deprecated", and research up to date advice on
hashing algorithms, rather than asking ChatGPT how to make the code work, and
replacing it with "hash('md5', ...)".
> CRC32 does not claim to be a cryptographically secure hash algorithm.
> Its use case is completely different.
As an inexperienced user looking at the PHP manual for hash() and hash_algos(),
how would I know that? It's right there in the list, just after something
called "adler32".
> I'm seeing the sarcasm indicator, but I'm compelled to point out that
> SHA-256 and SHA-512 are both SHA-2. If one is broken, it is likely that
> the other is as well.
Again, you know that, but do the users you're trying to help by deprecating
sha1()? I'm a reasonably experienced developer, and I have no idea why SHA-512
would exist if it's not in some way "better" than SHA-256.
Regards,
--
Rowan Tommins
[IMSoP]
