Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:117073
Return-Path: <smalyshev@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 92106 invoked from network); 20 Feb 2022 05:52:03 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 20 Feb 2022 05:52:03 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 8E657180088
	for <internals@lists.php.net>; Sat, 19 Feb 2022 23:10:57 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.5 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <smalyshev@gmail.com>
Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sat, 19 Feb 2022 23:10:57 -0800 (PST)
Received: by mail-pj1-f52.google.com with SMTP id b8so12161253pjb.4
        for <internals@lists.php.net>; Sat, 19 Feb 2022 23:10:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=message-id:date:mime-version:user-agent:subject:content-language:to
         :references:from:in-reply-to:content-transfer-encoding;
        bh=h6JEUSIT4uE53ur3ilL2fh0KTIzgWrogRoR5QmcgD0s=;
        b=THoWXWbXg0Yk0VevFQS6kdTYENFl5TjJtDPn5UpQ8EuTQkGgnfTLldjuxizxGh5JMI
         kmktUZ4AbJjV+HCTtQXQM1mXqv4OT9q/0SweM0IDVbfFNrLagqHWSHBtLTXyiXjXLkAg
         zUKLIwjZ/csn0CAk0VIHg3k0wNGqsBY1cUyKisa9laDdBbQrtzy9TwQdKIRge0X6tgFC
         b9oanvERu5BMD8XFEMcdQx6qloStDWuZBDQUDM0FAU2cK1lNAyV6YwXAe25xmbm3L1D0
         cafTe8PG3lgC8vwe9RNwwv2BAN7yB495ac+DZKjyDVWhV9jvHZLNVLjUAg1MxSQc6Wgd
         60EQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
         :content-language:to:references:from:in-reply-to
         :content-transfer-encoding;
        bh=h6JEUSIT4uE53ur3ilL2fh0KTIzgWrogRoR5QmcgD0s=;
        b=3xc1VI56AAjMRLDBOwPleYkG9MmkYJY+OnsngaTzPZEmly5meQgH67BVK08w8G3O4E
         ZlQOeAyxkQuDA27Bp8Nr/vdSHUGt4LjWXrEpceSAts1sJDbtyWQVkRNifhA8RXHOyDCu
         1GBLBLJQb7RsscnMv6/3pbK6MzI1unh2uYKOcw7IP+dK5KtzoRv2u/YOvfKPVuIKfhqw
         Q1KJ1AVtrUJuOemf7e7bdS7qBR3IYUUn2vWyGft+cgcAFQY+onrSaMhJSSk9b4ZZW3rD
         hmSz7Z4VH9sjp7tU05cbZyOHt1wXm8imeWjufznX7TvTCnneIiGjHH14MoMNbylwU0q8
         aZVQ==
X-Gm-Message-State: AOAM530jOUZOiguoY33AdbgEIlQOqr6LZ/XM+bX0QGyPsnstj9Ky7Dr9
	UO3eOarCJNiCLQH1MKtGsSRka2Z3NVHP
X-Google-Smtp-Source: ABdhPJxAQvrGag9VfnG2vTNHggR4qlNqT+Qay8FvGXea0qB/KFO9vPzNaSEycs+uJqpSQzn5xbVIBA==
X-Received: by 2002:a17:90a:e2cf:b0:1b8:e229:e6c3 with SMTP id fr15-20020a17090ae2cf00b001b8e229e6c3mr15812227pjb.167.1645341055679;
        Sat, 19 Feb 2022 23:10:55 -0800 (PST)
Received: from [10.230.0.28] (ec2-44-226-30-91.us-west-2.compute.amazonaws.com. [44.226.30.91])
        by smtp.gmail.com with ESMTPSA id k11sm8597208pfu.150.2022.02.19.23.10.54
        for <internals@lists.php.net>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Sat, 19 Feb 2022 23:10:55 -0800 (PST)
Message-ID: <6238bf00-011e-35cc-d84b-4082b4f05099@gmail.com>
Date: Sun, 20 Feb 2022 00:10:57 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
 Gecko/20100101 Firefox/91.0 Thunderbird/91.6.0
Content-Language: en-US
To: internals@lists.php.net
References: <5983302.2649742.1645319015766@email.ionos.com>
In-Reply-To: <5983302.2649742.1645319015766@email.ionos.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] RFC proposal to deprecate crypt()
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

On 2/19/22 6:03 PM, steve@tobtu.com wrote:
> crypt() should be deprecate because it can be used to create bad password hashes:

I don't think it's a good reason for deprecating functions. A lot of 
functions, if used incorrectly, could produce bad results, it's not the 
reason to not use them correctly.

> Since password_verify() and password_needs_rehash() already supports hashes created with crypt(), the only thing needed to do is remove crypt().

Removing it would cause serious BC issues with no practical gain.

-- 
Stas Malyshev
smalyshev@gmail.com