Hi

On 7/28/24 06:33, Mike Schinkel wrote:
> P.S. Frankly, I really would not want to see md5() nor sha1() removed because 
> there are valid use-cases for them. I would at least like to see them kept in 
> some form, maybe in an `\Insecure` namespace, or renamed `insecure_md5()` and 
> `insecure_sha1()` or maybe add a third optional bool parameter `$insecure_ok` 
> that defaults to `false` — or ?enum flag parameter accepting 
> Hashing::INSECURE_OK as its only value — thus allowing developers to explicitly 
> opt-in to insecure use.

Renaming the functions would do nothing but make this a backwards compatibility break, whereas a deprecation does not.

Remember: The algorithms are also available by means of the hash() function (and the related functions), without emitting a deprecation, warning, error, or Exception.

Best regards
Tim Düsterhus
