Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:117098
Return-Path: <rowan.collins@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 95431 invoked from network); 21 Feb 2022 11:25:55 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 21 Feb 2022 11:25:55 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id F2205180551
	for <internals@lists.php.net>; Mon, 21 Feb 2022 04:45:07 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <rowan.collins@gmail.com>
Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 21 Feb 2022 04:45:07 -0800 (PST)
Received: by mail-wm1-f46.google.com with SMTP id l2-20020a7bc342000000b0037fa585de26so412466wmj.1
        for <internals@lists.php.net>; Mon, 21 Feb 2022 04:45:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=message-id:date:mime-version:user-agent:subject:content-language:to
         :references:from:in-reply-to:content-transfer-encoding;
        bh=2/4l8EfdRckgvr5Jtkc+6w1QghKzSOeODL2b6aUhyEE=;
        b=Zz2FuqcSH74Vk+1TPsCm7sn3MByEQOGMl7k4mythhrH/BT46jkW8rmUYXQhmcFNZ3G
         qb8E6yMIE3KRlal5zqKigyHPNYn/U8cIMSCDzaqIstjtFp9XuIs4jK54jiSKAzJmEW7o
         cAR1Jl/XneF1CLTKaOrScrK6/Y3yO6KbCNLuwXS5MoNBF7abvJWGNxsws4kaM7L2/x/S
         lQE8ZTGFljiv+uqpctgBlSQg7SWMB6lsH85ttHqd3BeH4dnDU7nwpXh+JB+K70ZQML4w
         lUl1qByrVTyRuV1Zo3SWse+DT624BrSsWcsH6HGDl0HIkDcMoi0FOC32tqdSN4WF+x9d
         Ix4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
         :content-language:to:references:from:in-reply-to
         :content-transfer-encoding;
        bh=2/4l8EfdRckgvr5Jtkc+6w1QghKzSOeODL2b6aUhyEE=;
        b=sjYBfqOZoeO9Q76jQaqkB/usRkBuikTrI+EYCMQzEL7VJj72oWikfIEcecb1BZn31B
         vidmTGUS/Pe2MRyxDN5zq8euwIjORDr8Dj5nd0D+WLfIo+QtzC6/+tnPEIbYP3zJPVpJ
         7bvEapverxJE/XMOqG7dg9FMtMbiRn/pkOTnNyhrnynVv2qClFpYFhFAg2CJ9gFGD1m+
         k79M5u2k0ltTeyZV+19U51gtUOXA3Q7a+5FMb3tNEtWl1CWr2RF/rOxoa2TWuw0H7KOZ
         2bWzYk+d36FaoUJhdjIkC9ACLryFfhLe4cP9H0OzC+wRkaTcMlNw0cPoCQnSo32o12bh
         hP3g==
X-Gm-Message-State: AOAM5312Y/WHnjXUlIosOPBu+5geBCkxd1OQFdiNwxcE57DQFwTie9c4
	22sJm71tp0QPA+4oYpkSuqgG0bJIukCYRA==
X-Google-Smtp-Source: ABdhPJzb+TC/4oTEIaFJOFmX4jHoDDfS53EBO/L0QfwegUxQW50VDxdK8f6JGqNQDYIT69B5IqnIew==
X-Received: by 2002:a05:600c:434b:b0:37b:ce3f:245c with SMTP id r11-20020a05600c434b00b0037bce3f245cmr17794990wme.128.1645447506399;
        Mon, 21 Feb 2022 04:45:06 -0800 (PST)
Received: from [192.168.0.22] (cpc104104-brig22-2-0-cust548.3-3.cable.virginm.net. [82.10.58.37])
        by smtp.googlemail.com with ESMTPSA id t187sm7547740wma.22.2022.02.21.04.45.05
        for <internals@lists.php.net>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 21 Feb 2022 04:45:05 -0800 (PST)
Message-ID: <d1a0ac19-5369-f1ab-5eba-0633b3a0a4a1@gmail.com>
Date: Mon, 21 Feb 2022 12:45:04 +0000
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.6.1
Content-Language: en-GB
To: internals@lists.php.net
References: <5983302.2649742.1645319015766@email.ionos.com>
 <6238bf00-011e-35cc-d84b-4082b4f05099@gmail.com>
 <497325306.1564942.1645357444018@email.ionos.com>
 <3c6871ca-589d-6812-800c-a3b9ad6bb575@bastelstu.be>
 <CADyq6sLWRfD2DJwRNWmX=s7rbA2Rs+Agu9tsW9mLQbCeJ27vwA@mail.gmail.com>
 <40015164-ac0c-336d-c7d6-c4766d6caff8@gmail.com>
 <CADyq6s+e_Jkwg1UoGS_e23=6FciRB2-d8q_NxkREMt45f=vs8g@mail.gmail.com>
 <b52c5f52-3295-7792-1897-c170bb132331@bastelstu.be>
 <CADyq6sKjgkM2z_MkYypw79E-payfVG4m7hdsbDoLTPnSJMTLhA@mail.gmail.com>
 <7527ab0b-bed1-6788-a0ff-e75672054be7@bastelstu.be>
 <CADyq6s+0-tWjLbMz5k-DyJ0UpQtkw5GYiUJaQsd7awGmLdRpxQ@mail.gmail.com>
 <CAEKnhAF0BmuE3=+FF4EgKGTzDmpnSnOtgJAe0=Foyp5N50LEMQ@mail.gmail.com>
In-Reply-To: <CAEKnhAF0BmuE3=+FF4EgKGTzDmpnSnOtgJAe0=Foyp5N50LEMQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] RFC proposal to deprecate crypt()
From: rowan.collins@gmail.com (Rowan Tommins)

On 21/02/2022 12:28, Jakub Zelenka wrote:
> We can see
> that there are some valid use case for using crypt directly and we can also
> see that it's offered by other languages as well - e.g. Python:
> https://docs.python.org/3/library/crypt.html  .


I think this is quite an important point: if crypt() worked with some 
wacky homebrew format that only PHP understood, then planning to remove 
it would make sense. But since we don't have control over applications 
*outside* PHP, providing the low-level function that interoperates with 
them, and is hard to implement in userland, seems useful.

If updating the manual isn't enough, we could make more aggressive 
changes short of removal, such as renaming "CRYPT_MD5" to 
"CRYPT_INSECURE_MD5" and so on.

Incidentally, does the function now support Argon hashes, or are they 
implemented separately in the password functions?

Regards,

-- 
Rowan Tommins
[IMSoP]