Sara Golemon wrote:
with MD5 and SHA1 more or less broken
Overstatement much?
I've had implementations of sha256,384, and 512 lying about for months now
(possibly over a year), but was told they didn't have a place in core since
mhash provided the functionality (A statement I recall agreeing with at the
time fwiw). What changed?
One consideration, if one wanted to deploy PHP in a FIPS compliant manner,
is that reimplementations of these algorithms is not acceptable. One clean
solution if linked against OpenSSL is to dispatch sha256/384/512 to those
certified algorithms.
But in any case, all three certainly make sense. Adding sha256 alone sure
seems like a false start.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
