Sara Golemon wrote: > Right, so bottom line, MD5 is showing signs of fatigue. Not "broken" or > even significantly weak when used properly, but she's in the twlight years > and it's time to send ma to the old folks home for some rest and green > jello. > Also there are sites hosting md5 hashes and the equivalent text for password cracking. > SHA1 isn't quite the matriach yet, but despite having miles to go before she > sleeps, it is prudent to bring along the next generation so they can pay the > medical bills when a bout of breast cancer stikes her out of the blue. > lol > Where the hell was I? Oh yeah... +1 on tossin' in sha256() and > sha256_file(). > +1
*snip* > Of course, these reservations are just about dulling down the scissor edges > for little Sammy Scripter who doesn't know any better. If I'm going to avoid > being hypocritcal then I have to toss out those arguments at the end of the > day and say I'm +0 on 'em. That is, if there's a strong push to include > them, I'll dig out my 384/512 implementations (which are straight math, no > library deps) and toss 'em in with Steffan's sha256(), but only for PHP 6.0 > (or PHP 5.1.1 if the RM feels that's appropriate). > Might be useful to squeeze it into 5.1.0, seeing that new features are normally not allowed to sneak in during a maintenance release? Regards --jm > -Sara > -- Jacques Marneweck http://www.powertrip.co.za/blog/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
