> > As mentioned elsewhere in the mail thread, `crypt()` is not designed for > fast hashing, and is in fact slow by design. >
What do you mean by slow? Are you aware that password_hash and password_verify for bcrypt are just wrappers around crypt? Just to note that by removing that, we would still need to keep php_crypt in the core and would just get rid of couple of lines for the actual function definitions and arguments so there's absolutely no benefit in terms of maintanance. We have got plenty of functions that are quite low level but offer some additional functionality that can be used by specialised libraries / apps. I think that it's much better to educate users by documentation rather than removing the actual functionality that has got some valid users. We can see that there are some valid use case for using crypt directly and we can also see that it's offered by other languages as well - e.g. Python: https://docs.python.org/3/library/crypt.html . Jakub