Newsgroups: php.internals
From: mike@newclarity.net (Mike Schinkel)
Date: Thu, 25 Jul 2024 18:26:51 -0400
To: Nick Lockheart
Cc: Internals
Subject: Re: [PHP-DEV] [RFC] [VOTE] Deprecations for PHP 8.4
Message-ID: <0A03EC18-A130-41A1-9064-AC88B161C94E@edison.tech>
In-Reply-To: <9041cba85d6439682bb44fcb29210c944dbe3911.camel@ageofdream.com>
References: <1a88918e-e808-d778-45e1-53797660e093@php.net> <9041cba85d6439682bb44fcb29210c944dbe3911.camel@ageofdream.com>

On Jul 25, 2024 at 6:02 PM, Nick Lockheart wrote:
> That's a good point. What if there were crypto functions that worked
> like password_hash() in that they had one generic function name, but
> magically used the new/better "best practice" algorithms as time went
> by without the need to update any calling code?
>
> Maybe there should be three generic-named functions:
>
> fast_hash() // not secure, makes UIDs quickly
> secure_hash() // uses best practice one-way hash algo
> secure_crypt() // uses best practice reversible encryption.
>
> Then the developer signals their *intent* by choosing a function name,
> and the algorithm magically works underneath (perhaps with the option
> of an ini override to make those functions work in different
> environments).

If those _were_ added, I would bikeshed their names to make sure their intent was 100% clear:

insecure_hash() // not secure, makes UIDs quickly
secure_oneway_hash() // uses best practice one-way hash algo
secure_reversible_hash() // uses best practice reversible encryption.

-Mike




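An added sketch (not part of the message, and not PHP core code) of what the password_hash()-style behaviour discussed above requires of a generic one-way hash: the output has to carry its algorithm tag so that digests made under an older default still verify after the default changes. The function names follow the thread's suggestion; the implementation, the `$algo$hex` format and the chosen algorithms are assumptions.

```php
<?php
// Added sketch, not PHP core code. Function names follow the thread's
// suggestion; the "$algo$hex" format and algorithm choices are assumptions.
// For general data digests only: passwords already have password_hash().

const CURRENT_ALGO   = 'sha3-256';              // assumed default "today"
const ACCEPTED_ALGOS = ['sha256', 'sha3-256'];  // earlier default stays verifiable

function secure_oneway_hash(string $data, string $algo = CURRENT_ALGO): string
{
    // Tag the digest with its algorithm, as password_hash() does with "$2y$".
    return '$' . $algo . '$' . hash($algo, $data);
}

function secure_oneway_hash_verify(string $data, string $stored): bool
{
    // Expect exactly "$algo$hex"; reject malformed or non-allow-listed tags.
    $parts = explode('$', $stored);
    if (count($parts) !== 3 || $parts[0] !== '' || !in_array($parts[1], ACCEPTED_ALGOS, true)) {
        return false;
    }
    // Recompute with the algorithm the digest was made with; constant-time compare.
    return hash_equals($stored, secure_oneway_hash($data, $parts[1]));
}

function secure_oneway_hash_needs_rehash(string $stored): bool
{
    // Counterpart of password_needs_rehash(): is the tag still the current default?
    return !str_starts_with($stored, '$' . CURRENT_ALGO . '$');
}

// Constructed sample: a digest stored while the default was still sha256.
$data   = 'constructed sample payload';
$stored = secure_oneway_hash($data, 'sha256');

// An untagged scheme breaks here: recomputing with the new default never matches.
$untaggedStillMatches = hash_equals(hash('sha256', $data), hash(CURRENT_ALGO, $data));

$ok      = secure_oneway_hash_verify($data, $stored);   // verify against the old tag
$upgrade = secure_oneway_hash_needs_rehash($stored);    // should the caller re-store?
if ($ok && $upgrade) {
    $stored = secure_oneway_hash($data);                // re-tag with CURRENT_ALGO
}
var_dump($untaggedStillMatches, $ok, $upgrade, $stored);
```

The allow-list in the verify function is what keeps a retired algorithm from being accepted just because a stored value names it.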