Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:108443
Return-Path: <tom@ctors.net>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 79184 invoked from network); 10 Feb 2020 23:43:04 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 10 Feb 2020 23:43:04 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id B850A1804AB
	for <internals@lists.php.net>; Mon, 10 Feb 2020 13:56:49 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <tom@ctors.net>
Received: from mail-qk1-f172.google.com (mail-qk1-f172.google.com [209.85.222.172])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 10 Feb 2020 13:56:49 -0800 (PST)
Received: by mail-qk1-f172.google.com with SMTP id w15so8175571qkf.6
        for <internals@lists.php.net>; Mon, 10 Feb 2020 13:56:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ctors.net; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=fgho8/TXhmbSS8vRGYTjuL7E4uUA8sDABYNrtAOhzaI=;
        b=qqLdfjXApglSas/2Gfr576tHdoUk2o10MH86vY1St2Piv4l28OrpQtjV0gIsCcVTB2
         fmRyMgCHWWqbpxI2oI2AT9VwtIg6WVG/qb+AUnyXl/uV4pLqF7hq46+3ybxSBz0OzVqX
         mM2wRQMSo9CD+b1IO5WmxL5pzlfNeKL/MR4D7mSOWPPKgUiqFe+jycWSNhCbUeoRmCtE
         6D1VDoAZBcaLwslgafIUkQQoxgL2EiIK5wOVmmLhY5P5F0a2OQxdxXLf6VgdqLklDiAW
         jGg5viOxiNjbgi7Hat63HCV3PQILtze4rq6NPs0tAEpLgxj9dZZDyISjFQrttgDD0jmH
         MzBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=fgho8/TXhmbSS8vRGYTjuL7E4uUA8sDABYNrtAOhzaI=;
        b=lVPBkAJ1ek24OiXwklo87/2uwDttINfJrEAlmywhq4kHqZcX4StFvhKIbgMmNL/tyX
         46RslqFl1GFRf0NlABqhRkHHeeEKYoaNiaroQ1ElChiwMnj33jmcSfgSVuOkranLhfzf
         43yp18408rdgCvKwmjbsi4R2MfSVAmSyrzadroHksPZmGJW+b7OtVPH2ryeY9mipb7hN
         QP+m7si9u5mhlMeneUWb+lluAT1bmGN3mz8WcJBAVcbkVQhRC1cXHWCusjOTXpG/wpnP
         lpHmyr4C0rL6clrymQ4R2Mwlb37jSDu41e+/dlkkcMJIAEDF8I44cjUL+uHWSRk1HD5K
         4JZA==
X-Gm-Message-State: APjAAAXK6xaQT0Td3dvAYFcyk0gYmjfEPaU9kEwINT+mOe9VKSeAL5/w
	iAbVNHqGAtjA2/rrA7Lb/rrn86u6Xjml3c94INfHRg==
X-Google-Smtp-Source: APXvYqx7U7RsF/PazbychMEG+giktUWfrFr9ahTW1l2iLHf1UYcoL0a2b9nPCifD1bWKHz2tE18iEYdNDrohLooH8mw=
X-Received: by 2002:a05:620a:108d:: with SMTP id g13mr3403867qkk.121.1581371806314;
 Mon, 10 Feb 2020 13:56:46 -0800 (PST)
MIME-Version: 1.0
References: <CAN+C6bVeO4nU_3egiwhM0MML9NUJJB4oYgWVUo_bhJRPKUVpPQ@mail.gmail.com>
 <CADbOR2i3Jq25rVPwvYtRN=mJ+rrJH40LhyvzpBx89t1tob6_Ag@mail.gmail.com>
In-Reply-To: <CADbOR2i3Jq25rVPwvYtRN=mJ+rrJH40LhyvzpBx89t1tob6_Ag@mail.gmail.com>
Reply-To: Tom Van Looy <tom@ctors.net>
Date: Mon, 10 Feb 2020 22:56:35 +0100
Message-ID: <CAN+C6bVbQ4c4hePaikyppirmb9R5y3-NFx_JZFNABvhqOoTPEA@mail.gmail.com>
To: j adams <zardozrocks@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000c600a6059e3fd02c"
Subject: Re: [PHP-DEV] [RFC] deprecate md5_file and sha1_file
From: internals@lists.php.net ("Tom Van Looy via internals")

--000000000000c600a6059e3fd02c
Content-Type: text/plain; charset="UTF-8"

the hash_file() function still supports md5 and sha1 so people that need it
should then migrate to hash_file('md5', ...) or hash_file('sha1', ...)
instead. That was the idea

Kind regards,

Tom

On Mon, Feb 10, 2020 at 10:52 PM j adams <zardozrocks@gmail.com> wrote:

> I disagree. While MD5 and SHA1 might not be suitable for modern
> cryptographic operations, these functions might be needed for legacy
> situations -- e.g., munging through old data.
>
>
> On Mon, Feb 10, 2020 at 1:50 PM Tom Van Looy via internals <
> internals@lists.php.net> wrote:
>
>> Hi
>>
>> While in some environments the use of MD5 and SHA1 are still acceptable
>> for
>> some use cases like file integrity verification etc. the use of these
>> algorithms should be discouraged and not be your choice when developing
>> new
>> applications.
>>
>> I suggest to deprecated the functions md5_file() and sha1_file(). This
>> will
>> make people think about upgrading to a better alternative. If you still
>> need this functionality you can always switch to the hash_file() function.
>>
>> Carrying around these two dedicated functions seems a bit too much for a
>> modern PHP. What do you think?
>>
>> My feeling was that this is a no brainer. Should I open an RFC for this?
>>
>> Kind regards,
>>
>> Tom Van Looy
>>
>

--000000000000c600a6059e3fd02c--