On Mon, 10 Feb 2020 at 22:50, Tom Van Looy via internals < internals@lists.php.net> wrote:
> Hi > > While in some environments the use of MD5 and SHA1 are still acceptable for > some use cases like file integrity verification etc. the use of these > algorithms should be discouraged and not be your choice when developing new > applications. > > I suggest to deprecated the functions md5_file() and sha1_file(). This will > make people think about upgrading to a better alternative. If you still > need this functionality you can always switch to the hash_file() function. > > Carrying around these two dedicated functions seems a bit too much for a > modern PHP. What do you think? > > My feeling was that this is a no brainer. Should I open an RFC for this? > > Kind regards, > > Tom Van Looy > I feel that if we deprecate the file versions of these algorithms we probably should also deprecate the ones which work with plain old strings, namely md5() and sha1(). [1] [2] It should be noted that these hash functions would still be available through the Hash extension which is always available as of PHP 7.4 as it became a core extension. Depending on how controversial these deprecations are they could be bundled with the big deprecation RFC for PHP 8.0, which is currently in draft. [3] George P. Banyard [1] https://www.php.net/manual/en/function.md5.php [2] https://www.php.net/manual/en/function.sha1.php [3] https://wiki.php.net/rfc/deprecations_php_8_0
