Re: [PHP-DEV] RFC proposal to deprecate crypt()

2022-02-19 Thread Stanislav Malyshev
Hi!

On 2/19/22 6:03 PM, st...@tobtu.com wrote:
> crypt() should be deprecated because it can be used to create bad password hashes:

I don't think it's a good reason for deprecating functions. A lot of functions, if used incorrectly, could produce bad results, it's not the reason to not use

Re: [PHP-DEV] RFC proposal to deprecate crypt()

2022-02-19 Thread steve
hash() is for cryptographic hashes and checksums. crypt() only supports password hashing algorithms which should not be used as a cryptographic hash or checksum because they are purposefully slow.

> On 02/19/2022 7:16 PM Vasilii Shpilchin wrote:
>
> > Hashes are not for passwords only. For

Re: [PHP-DEV] RFC proposal to deprecate crypt()

2022-02-19 Thread Vasilii Shpilchin
Hashes are not for passwords only. For instance, hashes are usually used in sharding and to calculate checksums. I suggest adding a warning to the documentation, something like: if you need to hash a password, use password_hash().

Best regards,
Vasilii.

On Sat, Feb 19, 2022, 8:03 PM wrote:
>

[PHP-DEV] RFC proposal to deprecate crypt()

2022-02-19 Thread steve
crypt() should be deprecated because it can be used to create bad password hashes:

* descrypt: 12 bits of salt is too small and it's ~100x faster to crack than md5crypt, which itself is too fast for password crackers (see CVE-2012-3287).
* Extended DES: 24 bits of salt is too small.
* md5crypt

[PHP-DEV] Re: PHP 7.4.28 Released!

2022-02-19 Thread Jan Ehrhardt
"Christoph M. Becker" in php.internals (Fri, 18 Feb 2022 16:26:20 +0100):
>On 18.02.2022 at 16:02, Jan Ehrhardt wrote:
>
>> Derick Rethans in php.internals (Thu, 17 Feb 2022 14:42:47 + (GMT)):
>>> The PHP development team announces the immediate availability of PHP
>>> 7.4.28. This is a

Re: [PHP-DEV] [RFC] Undefined Variable Error Promotion

2022-02-19 Thread Robert Landers
Thanks! That’s all really useful information! Are we sure we want to change a language idiom though? The warning is useful (you can choose to ignore/suppress it or not) for most of us, that’ll result in better code. But it is a useful idiom.