On 27 July 2024 00:58:17 BST, Morgan <weedpac...@varteg.nz> wrote:
>
>I'm not talking about the MD5 or SHA1 algorithms or whether they should or
>shouldn't be used. I'm just talking about the functions themselves. md5(),
>md5_file(), sha1(), and sha1_file(). They only exist because there wasn't the
>generic hash algorithm extension when they were created.

I understand what is being claimed (and you're not the only one claiming it),
I'm just not convinced it's true. I think they have standalone functions for
the same reason we added str_contains and str_starts_with - because it's
convenient to have straightforward functions for common use cases.

The hash() function is like a 60-piece set of interchangeable screwdriver
heads, which only professionals and enthusiasts need; md5() and sha1() are like
the flat-head and Phillips screwdrivers that everyone has in a drawer somewhere.

The thing that always surprises me is that PHP *doesn't* have a standalone
function for SHA-256, which is the only other I've ever used.

To continue the analogy, we're missing a Pozidriv screwdriver, so people are
misusing the Phillips one. The RFC is suggesting that we take away their
flat-head and Phillips screwdrivers, and leave them with the 60-piece set, and
no instructions.

My suggestion is we instead give them a Pozidriv screwdriver, and write some
tips on how to use it correctly.

Regards,
Rowan Tommins
[IMSoP]