Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:117077 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 15476 invoked from network); 20 Feb 2022 13:16:11 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 20 Feb 2022 13:16:11 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 07C27180540 for ; Sun, 20 Feb 2022 06:35:11 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_40,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-qv1-f54.google.com (mail-qv1-f54.google.com [209.85.219.54]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sun, 20 Feb 2022 06:35:10 -0800 (PST) Received: by mail-qv1-f54.google.com with SMTP id fh9so25598258qvb.1 for ; Sun, 20 Feb 2022 06:35:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=EEpornBw7PTZ0L2gRErQG7zr2pnpt3nJp/1VTpkHU4I=; b=ZgAeY/h4ME/tJ5yjJkQjPdw+5QcWUot2/jJgeyi8J/Yc6ynu5bMUcOEqrUwei2PBuY F839o9MwhsurXLLF3TerXtTP2X7UWEj9dXXHSPO6JL3I5meen6y+idcFfkrhBEjr5fbh 1XrjLoPUDQEMsfQr0ZsM/fwgjAEN16UfMxZioDdQoEhkCKLdzp7CUpOIeoi0I0ltKm6J 6o0pP0g2f+feThR1ttEGJDIRencgpezbsRBtHvdtkcABeb8OV5VFiQRlEB9ErGNCLW3p H4kCiBpp9CjU58IyzPjxmzg6TnAZemk9sjk/POD/zOHGqtcBeoC3YMdhTeVZNlyqoiQZ P38w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EEpornBw7PTZ0L2gRErQG7zr2pnpt3nJp/1VTpkHU4I=; b=7g3vu8vaUOHj2sJsE35ur5F/rGEFpxTCezpEEB6w+lsp+Gc/yXcUv3KGzrh/jT4Tfa jso8RVy361qTgJibYik+ro421ANaAw+9shNsegMLBfBXtNfv45/vrChsp9kO5o6vBuH2 nt4XJr5Doa6b+5++dz5QGh1Glle3l+xTzBsUiA8cMlANU+L7djOfNYTG/DDXLIQ4oZY4 DNBlIsCBqWoB6+E+AptihkYj3l4Qm5H5UxVUK3QwOAaNt4m/YOcMYr7KxvS5pivvIbXH aRkhuKUrTwdbkF/YbIqCYh6FffFDUlcO2WWBo+dok7GW5jsMjYZUEMx4Bi1lgzYn9Orl KxXA== X-Gm-Message-State: AOAM5309CHnaIGyvszORiYXhnh52bBr4uMm/AAm9n4llQxcMPogoDZ7x pQBY1RCF6dM9rXPc2Y028m5HbAVJvToVaqsqUsI= X-Google-Smtp-Source: ABdhPJzBq2sSBSgEbh1GQFJCeHbO5VBt9eC8VwUCtUO90WwuYfdPyA57qXShIaU+cOpnc5lFHhxjJXljcAXMZr4hJdI= X-Received: by 2002:ac8:4e8d:0:b0:2dd:e170:830b with SMTP id 13-20020ac84e8d000000b002dde170830bmr4791842qtp.539.1645367709919; Sun, 20 Feb 2022 06:35:09 -0800 (PST) MIME-Version: 1.0 References: <5983302.2649742.1645319015766@email.ionos.com> <6238bf00-011e-35cc-d84b-4082b4f05099@gmail.com> <497325306.1564942.1645357444018@email.ionos.com> <3c6871ca-589d-6812-800c-a3b9ad6bb575@bastelstu.be> In-Reply-To: Date: Sun, 20 Feb 2022 14:35:00 +0000 Message-ID: To: Marco Pivetta Cc: =?UTF-8?Q?Tim_D=C3=BCsterhus?= , steve@tobtu.com, Stanislav Malyshev , PHP Internals List Content-Type: multipart/alternative; boundary="000000000000dfecff05d87405ef" Subject: Re: [PHP-DEV] RFC proposal to deprecate crypt() From: tekiela246@gmail.com (Kamil Tekiela) --000000000000dfecff05d87405ef Content-Type: text/plain; charset="UTF-8" I think it's a great idea to deprecate crypt(). I wouldn't want anyone to use it in a new code. For legacy applications, we are giving them enough time to upgrade their password storing policy. Also, it's not like we are removing support for hashing in general from PHP, we are just deprecating a function that should not be used for password hashing. There's a suitable replacement and it's also possible to create a shim for the crypt() function if one really needs it. I also recommend reading this article https://www.michalspacek.com/upgrading-existing-password-hashes --000000000000dfecff05d87405ef--