>I've had implementations of sha256,384, and 512 lying about for months now >(possibly over a year), but was told they didn't have a place in core since >mhash provided the functionality (A statement I recall agreeing with at the >time fwiw). What changed? > > Since a year a lot of things have changed. The progress in md5 and sha1 collision generation have been huge.
And it is really not needed to have every single hash function in core because then you can really use mhash, but we should have atleast one in the core, that is fit enough to survive the next months/years. Otherwise the majority of people will not have access to it, because their hoster does not provide mhash. (and many big open source PHP project simply don't use functions that are not in the core) Stefan -- -------------------------------------------------------------------------- Stefan Esser [EMAIL PROTECTED] Hardened-PHP Project http://www.hardened-php.net/ GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0x15ABDA78 Key fingerprint 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78 -------------------------------------------------------------------------- -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
