Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:124600 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id 37EED1A00B7 for ; Fri, 26 Jul 2024 06:44:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1721976357; bh=HPS3Tm0tu8S0HTNox1lkRojadEGd434hGRzComSCUOM=; h=Date:From:To:Subject:In-Reply-To:References:From; b=Mpz4I3mQpiP2xWJyeG9J+6QIkdA0HADMLXzeSCwTSXrvOqqbHOpXIPoRZbZjf76MS jJvOddJXWX8f8McQqXxKNmKMd1H42mL7DUXUzfNJ1UtzWgZLb1IyZlgMLLp1WL6qla x7BE5zYyfMkHx7unOEVJpSzc16xfp+OA0TGM1tO7boc3YHCbPyF97p6wu2uujPKCWO 8VI7uYn9rxAaT5PzBWpRr3IALI5L3m9lCq5zeKRe42Fg8wA8pk3YwzXvOKWKyU8pfh ZM4MjwGKPs9RrDzKgG09eSj6YBnhWfk6Uu2xTwTWYyzxtzBXrWqWAQKPJbnn8qgjla 0o/OZAsnvolWw== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id BA18818002E for ; Fri, 26 Jul 2024 06:45:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_MISSING,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from fhigh5-smtp.messagingengine.com (fhigh5-smtp.messagingengine.com [103.168.172.156]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Fri, 26 Jul 2024 06:45:55 +0000 (UTC) Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 90A5011401BC for ; Fri, 26 Jul 2024 02:44:19 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Fri, 26 Jul 2024 02:44:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rwec.co.uk; h=cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1721976259; x=1722062659; bh=HPS3Tm0tu8S0HTNox1lkRojadEGd434hGRzComSCUOM=; b= Xan1QNH+FBuf89aMaIHIvLv+lZ2ibLgcfDhkxi/4idK+3RJig+kXjckVvpMrU/ye FtWVnXSvV1Lyq/q1vfW9kzEQ/2nW4fYeriutSSD74G/NvQ+nx6HKY0FXsf9FVM3o uS1DvClHliFLiaobwMMCqRu9O/BHpGA+nsGvkxglnxY9wbcoRD7hXn9rTLMtMIV/ PaoZ/qc+NKpfehZ4h8ZUgedXTOV8X0DeNdFrwrfpXtKxKfij4fESCvzM0+dStxN3 DQia3EazlmK4UAdwMocbpIoZLhTNMLyYK+Ly4NGtfWzbQGzxkM7bNwIuNaiP+ZEj cUmD6B/+wCWusv4zk4+oiw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1721976259; x= 1722062659; bh=HPS3Tm0tu8S0HTNox1lkRojadEGd434hGRzComSCUOM=; b=H GRhH/WywBjcR0bAOHsmzyxEyivuzPtYN56GuuKdCBIIhxgNHeGQiOWlBpo4mZYVL 7Pyd91864JGtCuPWFFzzYZazogXWWnJZZbLocxKZ47IpK8ijU+1fz4+B3qgvUnoP oDvfMda39Twx6PvaW6yJNTXQvMCYUKUTk5JuuIkq+qfqeQfQ+mUcZSgTn/CUxVDJ TN2zFs7+Xj2NGq3dXj6UXgYEuLiq9EZjUxp3LWlJ8TqEYpNA94U7X9ATvwIhNUBE QN2RjZMLFIw48fPQC1+GasyZUxf4Hzpi0iB4kHcfWAf9GHlRdc+q3jq4674edNq/ 0WSLElc7ULpHpVArZj5QA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrieeggdduudduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvufgfjghfkfggtgfgsehtqh hmtddtreejnecuhfhrohhmpedftfhofigrnhcuvfhomhhmihhnshculgfkoffuohfrngdf uceoihhmshhophdrphhhphesrhifvggtrdgtohdruhhkqeenucggtffrrghtthgvrhhnpe ehleffteeigfevudetfedugedtudevledugeeugeelheeihfehgfdtkeevvefgleenucev lhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehimhhsohhprd hphhhpsehrfigvtgdrtghordhukhdpnhgspghrtghpthhtoheptd X-ME-Proxy: Feedback-ID: id5114917:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Fri, 26 Jul 2024 02:44:18 -0400 (EDT) Date: Fri, 26 Jul 2024 07:44:17 +0100 To: internals@lists.php.net Subject: Re: [PHP-DEV] [RFC] [VOTE] Deprecations for PHP 8.4 User-Agent: K-9 Mail for Android In-Reply-To: References: <1a88918e-e808-d778-45e1-53797660e093@php.net> <9041cba85d6439682bb44fcb29210c944dbe3911.camel@ageofdream.com> <66A2D544.5060801@adviesenzo.nl> Message-ID: Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: imsop.php@rwec.co.uk ("Rowan Tommins [IMSoP]") On 25 July 2024 23:54:53 BST, Nick Lockheart wrot= e: >Doesn't password_hash() handle this automatically? The result of the >password_hash() function includes the hash and the algorithm used to >hash it=2E That way password_verify() magically works with the string >that came from password_hash()=2E For password hashing, you are always retrieving the hash for a specific us= er, and then making a yes/no decision about it=2E Indeed, it's an explicit = aim that an attacker can't take a password and quickly scan a captured data= base for matching hashes=2E For other uses of hashes, though, the opposite is true: you want to search= for matching hashes=2E For instance, when you store a file in git, it calc= ulates the SHA1 hash of its content to use as a lookup key=2E If that key a= lready exists in the local database, it assumes the content is the same=2E That also demonstrates another difference: hashes are often shared between= applications, where they need to be using an agreed algorithm=2E If a pack= age manager requires SHA1 hashes of each file, you can't just substitute SH= A256 hashes without some other agreed changes=2E Tempting though a "secure_hash" function is, I don't think it's practical = for a lot of the places hashing is used=2E Regards, Rowan Tommins [IMSoP]