Hi
On 7/28/24 00:25, Rob Landers wrote:
I'd love to see a "hashing" namespace and all of these given their own functions with
docblocks and manual pages instead of the current generic "god of hash" page which
doesn't even list the hash functions available; you have to click on hash_algos and then look at
the var_dump of hash algorithms. From there, you can google each one and try to understand what
each one is good at and why you would use murmur3a over murmer3f, then try to figure out which one
is the version that is compatible with javascript but not compatible with c# or maybe the other way
around... (I recently got to go on that ride).
The problem with adding standalone functions for every algorithm is that
it would result in a combinatorial explosion of available functions.
Unless we want to make some of them "second class citizens" with reduced
functionality or generally want to remove everything except for
incremental hashing, we would need the following for each of them (with
hash standing for the algorithm):
- hash()
- hash_hmac()
- hash_file()
- hash_init()
- hash_hmac_init()
- hash_update() (could also be a method)
- hash_update_file() (could also be a method)
- hash_update_stream() (could also be a method)
- hash_final() (could also be a method)
- hash_hkdf()
- hash_pbkdf2()
That clearly does not scale. See also my previous reply to Rowan
regarding the documentation.
It's clearly a topic for the farer future, but if / When tagged unions
[1] make it in the language, I plan to propose an update allowing to
pass an algorithm enum, including all the necessary options to the hash
functions. This would make the algorithms more discoverable, easier to
independently document and remove the footgun of needing to provide a
matching untyped options array (which incidentally is also listed in the
deprecation RFC as a footgun).
[1] https://wiki.php.net/rfc/tagged_unions
I'd also like to note that providing the hash algorithms by a generic
interface is not particularly unusual. Here's two examples:
- node.js: https://nodejs.org/api/crypto.html#class-hash
- Python: https://docs.python.org/3/library/hashlib.html (which also
takes a named constructor, which would be reasonably similar to my
tagged-union proposal above).
Other languages, such as Ruby or Golang, appear to use a Hash interface
with appropriate methods, but I am not sure if this is a good fit for
PHP given the way the documentation is structured, with a dedicated page
for each and every function or method, and the fact that PHP does not
provide for extension methods, which would require implementing the
convenience functionality for each algorithm separately - or as
standalone functions.
Best regards
Tim Düsterhus
