Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:124439
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by qa.php.net (Postfix) with ESMTPS id 982331A00B7
	for <internals@lists.php.net>; Mon, 15 Jul 2024 21:29:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1721079075; bh=pAW2SnZrVISL/7fbT+jL6nqdyo8X5CfCQY9GSUW4yHs=;
	h=Date:Subject:To:Cc:References:From:In-Reply-To:From;
	b=YXkC629FYuWtQJA/k3vNKbu38rMlznDPKDWlyNhGqX0FlpE5+Z+yQhg5CWEpgWakJ
	 8PCrC8aOgmyAC2ijQ+YZvSCzcdhXSFdsOjzdau80/7vL8yTrtXqameHdVGNDpOzXwj
	 4mx49F5nyvhw3svXNHNwR704H/Ho+x7ZmQFzw7HIszLLD+iNged8pFIzoDmqcNJPN7
	 PxidfFbVVh2uuJq8AqImEOENM426qmd2anRRyO8Xh/pYMHS09Rb0BvHLWauS+svAYR
	 4fIavt1vCpEhlTHJRJhMj8Ut/j12Pmi6sd9prLMjJ26kGZmdjZaSEGoyXOgMXamJF0
	 6OORq/3IY4oAQ==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id F2C33180068
	for <internals@lists.php.net>; Mon, 15 Jul 2024 21:31:14 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=4.0.0
X-Spam-Virus: No
X-Envelope-From: <tim@bastelstu.be>
Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 15 Jul 2024 21:31:14 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be;
	s=mail20171119; t=1721078984;
	bh=+WFO5nP15B65I0FvrU5bR6GJ361Q99H5j+vfWVHD11I=;
	h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:
	 In-Reply-To:Content-Type:from:to:cc:subject:message-id;
	b=aETUdnfs1d0VsQhWwMCmtzQZwFYOL2wC+yrDLYEWeZRK/5KffsVhyyC7PdL0RGKxp
	 1Hpb77D1K6l9cRF/X2TyQ5s2th4PDao3IFkKwpDwFeuL9MivwI+g9aqmaMa/6OnnYO
	 8fUVgwf4LtDIkbn5h6qA7loGbL0tNm3e7SJiMZ6aDgKCWao4D35HxZYFZi51hOENKM
	 m7nsjh+xSmrlUcqx5itPQQD1RU+6f8QajGQE9BDGacmtJjogin0So7uP98g0bCq5gu
	 iXfWjmO0rAJPNzSdQ8XL3Nt48y93F8mDc2+enVguNU2CMrtzn6BgTPTeYE4gu/XR2c
	 Tc1c4y8WHCFuA==
Message-ID: <7322787a-2c35-4926-baae-84cf46a6acea@bastelstu.be>
Date: Mon, 15 Jul 2024 23:29:42 +0200
Precedence: bulk
list-help: <mailto:internals+help@lists.php.net
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: internals.lists.php.net
MIME-Version: 1.0
Subject: Re: [PHP-DEV] [RFC] Deprecations for PHP 8.4
To: Rob Landers <rob@bottled.codes>, "Gina P. Banyard" <internals@gpb.moe>,
 Juliette Reinders Folmer <php-internals_nospam@adviesenzo.nl>
Cc: internals@lists.php.net
References: <bw20I5b7ly3lSbI-2Bv3kfrfTVJbDo5RhwBiQa1PEwuLjprDJWptPajLiaialj1RLVKu7z1j0MofJUhhRVtzT_5i2E11oKeQx_VMUxnKhUE=@gpb.moe>
 <6683CDE4.7050607@adviesenzo.nl>
 <Skh-IB3l7OxslclNZdB5ZE3G5PaIvpoz3iojK10noNbXkj1odNNvzI5w7X1aSj7IKZ951646yQ8IrUW_wNaQuv94NB0jo3IXlFImcpu_hxc=@gpb.moe>
 <668B5728.40300@adviesenzo.nl>
 <3XlxyoEWXN5MLqWhlh4uQMXGc2DRs7OH72f_InABxrhsBVTZIPOrfO3qEKqG94844M2r3FUS_zGMa60dENgvLP6TC8zOWZASkN6w6ZxsaxM=@gpb.moe>
 <af9e728a-5961-4f90-85f9-f03b397fe837@app.fastmail.com>
Content-Language: en-US
In-Reply-To: <af9e728a-5961-4f90-85f9-f03b397fe837@app.fastmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=C3=BCsterhus?=)

Hi

On 7/15/24 16:12, Rob Landers wrote:
> This always gets me. "safer" doesn't have a consistent meaning. For

Yes it does. SHA-256 is safer than MD5. And on modern CPUs with sha_ni 
extensions, it's also faster. The following is on a Intel i7-1365U:

> $ openssl speed md5 sha1 sha256 sha512
> *snip*
> version: 3.0.10
> built on: Wed Feb 21 10:45:39 2024 UTC
> options: bn(64,64)
> compiler: *snip*
> CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x98c027bc239c27eb
> The 'numbers' are in 1000s of bytes per second processed.
> type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
> md5             114683.10k   286174.51k   550288.90k   715171.50k   783611.22k   788556.46k
> sha1            138578.57k   440607.38k  1082163.29k  1674088.45k  2017296.38k  2047377.41k
> sha256          150670.11k   460483.71k  1054829.57k  1553830.57k  1807897.94k  1823981.57k
> sha512           41246.76k   181566.07k   341457.66k   645468.50k   781042.81k   804296.02k

----

> example, if you were to want to create a "content addressable
> address" using a hash and it needs to fit inside a 128 bit number
> (such as a GUID), you may be tempted to take SHA-X and just truncate
> it. However, this biases the resulting numbers, which this bias may

This is false. For a hash algorithm to be considered cryptographically 
secure (which I consider to be a reasonable definition of "safe"), it - 
among other properties - needs to have the "avalanche effect" property, 
which means that any change in the input is going to affect each output 
bit with 50% probability.

This means that for a cryptographic hash algorithm - such as the SHA-2 
family - the resulting hash is indistinguishable from uniformly selected 
random bits. And this property also holds after truncation - you just 
have fewer bits of course.

See also: https://security.stackexchange.com/a/34797/21705

> be considered unsafe (such as using it in an A/B testing tool). Just
> because you have a short hash, doesn't make it "unsafe" as longer
> hashes can also be considered "unsafe." What people usually mean by
> this is in the context of encryption, and in those cases it is
> unsafe, but in the context of non-encryption, usage of truncated
> larger hashes is just as unsafe.
> 

I'm afraid I don't understand what you are attempting to say here.

Best regards
Tim Düsterhus