On 29 July 2024 21:00:37 BST, Morgan <weedpac...@varteg.nz> wrote:

>That still doesn't protect md5() and sha1() from deprecation; if there is a 
>PHP-mandated default hash algorithm that gets its own name, then users should 
>be encouraged to use that one, which means not leaving the others lying around 
>for it to hide among. Anyone who needs to continue to support the old 
>algorithms can ... use hash().

Absolutely. If someone wants to write a proposal to do that, I'd probably be 
willing to support it. Until then, there's no reason to disrupt users of the 
existing functions, when there's no clear message of what they are doing wrong.


>When it comes to advice about which to use, that seems less the purview of a 
>PHP reference manual for the function, and more something like
>https://csrc.nist.gov/projects/hash-functions

If hash() exists only as a function for power users who already know something 
about the subject, then yes, maybe. If we're telling everyone to look it up 
when they thought they were going to use sha1(), then we need to give them 
something to read when they get there.

Regards,
Rowan Tommins
[IMSoP]
