On 26.07.2024 at 15:13, Rowan Tommins [IMSoP] wrote:
> On Fri, 26 Jul 2024, at 12:58, Tim Düsterhus wrote:
>
>> CRC32 does not claim to be a cryptographically secure hash algorithm.
>> Its use case is completely different.
>
> As an inexperienced user looking at the PHP manual for hash() and
> hash_algos(), how would I know that? It's right there in the list, just after
> something called "adler32".

Well, you are supposed to also check the hash_hmac() documentation, where a changelog entry for 7.2.0 states:

| Usage of non-cryptographic hash functions (adler32, crc32, crc32b,
| fnv132, fnv1a32, fnv164, fnv1a64, joaat) was disabled.

Or maybe we should fix <https://github.com/php/doc-en/issues/3616>.

Cheers,
Christoph
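
Added example, not part of the original message or of the PHP manual: a script that asks the running PHP build which hash() algorithms hash_hmac() refuses, and shows the refusal for crc32b on both PHP 7.2-7.4 and 8.0+. The helper names nonCryptographicAlgos() and keyedDigest() and the sample message and key are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Algorithms that hash() accepts but hash_hmac() does not: on PHP >= 7.2
// these are the non-cryptographic ones (adler32, crc32, crc32b, fnv*, joaat, ...).
function nonCryptographicAlgos(): array
{
    return array_values(array_diff(hash_algos(), hash_hmac_algos()));
}

// Hypothetical wrapper: fail early, with a clear message, when a caller
// asks for a keyed digest using an algorithm hash_hmac() will not accept.
function keyedDigest(string $algo, string $message, string $key): string
{
    if (!in_array($algo, hash_hmac_algos(), true)) {
        throw new InvalidArgumentException(
            "'$algo' is not a cryptographic hash and cannot be used for HMAC"
        );
    }
    return hash_hmac($algo, $message, $key);
}

// Constructed sample input.
$message = 'constructed sample message';
$key     = 'constructed sample key';

echo "Accepted by hash() but not by hash_hmac():\n  ",
    implode(', ', nonCryptographicAlgos()), "\n";

// hash() itself still computes a CRC32 checksum without complaint.
echo 'hash("crc32b"):      ', hash('crc32b', $message), "\n";

try {
    // PHP 7.2 - 7.4: emits a warning (suppressed here) and returns false.
    $mac = @hash_hmac('crc32b', $message, $key);
    echo 'hash_hmac("crc32b"): ', var_export($mac, true), "\n";
} catch (ValueError $e) {
    // PHP 8.0+: the same call throws instead.
    echo 'hash_hmac("crc32b") threw ValueError: ', $e->getMessage(), "\n";
}

echo 'keyedDigest("sha256"): ', keyedDigest('sha256', $message, $key), "\n";

try {
    keyedDigest('adler32', $message, $key);
} catch (InvalidArgumentException $e) {
    echo 'keyedDigest("adler32") rejected: ', $e->getMessage(), "\n";
}
```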