From: lists@ageofdream.com (Nick Lockheart)
To: internals@lists.php.net
Subject: Re: [PHP-DEV] [RFC] [VOTE] Deprecations for PHP 8.4
Date: Thu, 25 Jul 2024 13:28:51 -0400

On Thu, 2024-07-25 at 17:33 +0200, Tim Düsterhus wrote:
>
> As an example, using md5_file() to implement a cache buster is fine,
> but a less-experienced developer may believe that md5_file() uniquely
> identifies the file contents and use it in a way where strong
> collision-resistance against an adversary is required.
>
> I'm positive that even existing projects written by experienced
> developers would benefit from re-checking if their use of MD5 and
> SHA-1 is actually safe instead of assuming that this is the case,
> when the specific functionality has been untouched for the last 10
> years.

Isn't the philosophy of open source software "tools, not policy"?

I'm in the process of refactoring an old framework and I just found a
use of sha1(). It's being used to generate a unique resource lock. It
doesn't need to be secure, just a fast and random UID.