Re: [PHP-DEV] [RFC] [VOTE] Deprecations for PHP 8.4

Sat, 27 Jul 2024 15:15:39 -0700 

On 2024-07-28 00:36, Rowan Tommins [IMSoP] wrote:



On 27 July 2024 00:58:17 BST, Morgan <weedpac...@varteg.nz> wrote:


I'm not talking about the MD5 or SHA1 algorithms or whether they should or 
shouldn't be used. I'm just talking about the functions themselves. md5(), 
md5_file(), sha1(), and sha1_file(). They only exist because there wasn't the 
generic hash algorithm extension when they were created.


I understand what is being claimed (and you're not the only one claiming it), 
I'm just not convinced it's true.



I'm just looking at the manual's version information about when the 
functions were introduced. Seems pretty unambiguous: md5, sha1, hash: 
versions 3, 4, and 5 (via PECL).



> I think they have standalone functions for the same reason we added 
str_contains and str_starts_with - because it's convenient to have 
straightforward functions for common use cases.



Because there weren't any purpose-built functions that did the job, 
forcing users to use other functions in expensive ways for what is 
internally a pretty simple task. There is a purpose-built function for 
hashing.



The hash() function is like a 60-piece set of interchangeable screwdriver 
heads, which only professionals and enthusiasts need; md5() and sha1() are like 
the flat-head and Phillips screwdrivers that everyone has in a drawer somewhere.

The thing that always surprises me is that PHP *doesn't* have a standalone 
function for SHA-256, which is the only other I've ever used.




Why a SHA2 algorithm? Why not a SHA3 one? How about standalone functions 
for both, and then when SHA4 comes along (as it inevitably will) another 
standalone function for one of its variants?




To continue the analogy, we're missing a Pozidriv screwdriver, so people are 
misusing the Phillips one. The RFC is suggesting that we take away their 
flat-head and Phillips screwdrivers, and leave them with the 60-piece set, and 
no instructions.

My suggestion is we instead give them a Pozidriv screwdriver, and write some 
tips on how to use it correctly.


Or leave them them the 60-piece set (which includes flat-head and 
Phillips screwdrivers, so they're not being taken away), and write some 
tips on how to use it correctly.



Regards,
Rowan Tommins
[IMSoP]


























					Reply via email to