On Mon, Jul 15, 2024 at 4:31 PM Tim Düsterhus <t...@bastelstu.be> wrote: > > Yes it does. SHA-256 is safer than MD5. And on modern CPUs with sha_ni > extensions, it's also faster. The following is on a Intel i7-1365U: > > > $ openssl speed md5 sha1 sha256 sha512 > > *snip* > > version: 3.0.10 > > built on: Wed Feb 21 10:45:39 2024 UTC > > options: bn(64,64) > > compiler: *snip* > > CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x98c027bc239c27eb > > The 'numbers' are in 1000s of bytes per second processed. > > type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 > > bytes 16384 bytes > > md5 114683.10k 286174.51k 550288.90k 715171.50k > > 783611.22k 788556.46k > > sha1 138578.57k 440607.38k 1082163.29k 1674088.45k > > 2017296.38k 2047377.41k > > sha256 150670.11k 460483.71k 1054829.57k 1553830.57k > > 1807897.94k 1823981.57k > > sha512 41246.76k 181566.07k 341457.66k 645468.50k > > 781042.81k 804296.02k > Tim Düsterhus
Oh, that's interesting information. Blindly assuming that md5 was faster than sha256, I did occasionally use md5 for non security sensitive things like creating hashes used as cache keys or something similar. Consider something like: $cache_key = md5(json_encode([ 'query' => "SELECT * FROM books WHERE author = ? LIMIT $offset,$limit", 'params' => $params, 'db' => 'kids_books', ])); I think that would resolve my last possible reason for continuing to use md5.
