On 26.07.2024 at 15:13, Rowan Tommins [IMSoP] wrote:

> On Fri, 26 Jul 2024, at 12:58, Tim Düsterhus wrote:
>
>> CRC32 does not claim to be a cryptographically secure hash algorithm.
>> Its use case is completely different.
>
> As an inexperienced user looking at the PHP manual for hash() and 
> hash_algos(), how would I know that? It's right there in the list, just after 
> something called "adler32".

Well, you are supposed to also check the hash_hmac() documentation,
where a changelog entry for 7.2.0 states:

| Usage of non-cryptographic hash functions (adler32, crc32, crc32b,
| fnv132, fnv1a32, fnv164, fnv1a64, joaat) was disabled.

Or maybe we should fix <https://github.com/php/doc-en/issues/3616>.

Cheers,
Christoph

Reply via email to