Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:124654
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by qa.php.net (Postfix) with ESMTPS id BB41E1A00B7
	for <internals@lists.php.net>; Sat, 27 Jul 2024 22:14:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1722118584; bh=+AA2VqR+AbECR+CuHXsMB2RcTfPsZTzpfIzUZNBgOXE=;
	h=Date:Subject:To:References:From:In-Reply-To:From;
	b=cKAnW4LeZ5d2vvVqHgbWnf21PBrF5V+uTi88D650PPupEx/QTFyLn8ECHreRPiPrT
	 MIVqY4KrpuZpgRMzliyhfC344QcMw8kj5KPHSyKhMJS/X+M/HLORFIf/9OEaQ1HSaS
	 0zYQOb2MDycFqOO8GIOaghQpiQAr7CoJAfTCEgZDwcxTiJj0UTL+Nlt3I30tCdgSPP
	 4ACY4uv8dgG92Z9KVuBM3tnpxjksCRyX+ES8Igg4fIe8i2AOsTvt8/UnE8/cFiCpmu
	 xHn+peRaBRISJxNXvCCVq6cMD9UUwEdeLdThhyx5Sj2V1oBrYdg3NJfIdB7OrFtlrl
	 7O0kiTaDn5zKg==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 0F00618003E
	for <internals@lists.php.net>; Sat, 27 Jul 2024 22:16:22 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,DMARC_MISSING,
	SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=4.0.0
X-Spam-Virus: No
X-Envelope-From: <weedpacket@varteg.nz>
Received: from gavin.smtp.mailx.hosts.net.nz (gavin.smtp.mailx.hosts.net.nz [43.245.52.167])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (prime256v1) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sat, 27 Jul 2024 22:16:20 +0000 (UTC)
Received: from 125-237-145-229-fibre.sparkbb.co.nz ([125.237.145.229] helo=[192.168.1.68])
	by gavin.smtp.mailx.hosts.net.nz with esmtpsa authed as varteg.nz  (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128)
	(Exim 4.96)
	(envelope-from <weedpacket@varteg.nz>)
	id 1sXpgW-004YLe-2r
	for internals@lists.php.net;
	Sun, 28 Jul 2024 10:14:40 +1200
Message-ID: <0824789d-0e36-4628-85c1-4b8d9b7f86af@varteg.nz>
Date: Sun, 28 Jul 2024 10:14:32 +1200
Precedence: bulk
list-help: <mailto:internals+help@lists.php.net
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: internals.lists.php.net
x-ms-reactions: disallow
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PHP-DEV] [RFC] [VOTE] Deprecations for PHP 8.4
To: internals@lists.php.net
References: <USzt7tZZlO1DmAbSTLhD-bqa23FqZn0zk2aah8Ndxgk9c7RY5PefQ8MjbYPUYAzr2_m4Cf-5AI4PuNBTS84rim_FNS6RaT-cWSv714HEvvU=@gpb.moe>
 <1a88918e-e808-d778-45e1-53797660e093@php.net>
 <CAPrKfG5Cw_nU7g7FR+t4C1-YZ8CDsDO_-sRs=yEsHO5kCTZL+A@mail.gmail.com>
 <c03eb187-bd21-4a4b-9faf-8d0243eaa994@varteg.nz>
 <aa6bc7aa-28d9-40ca-974f-65075adb6199@rwec.co.uk>
 <3563cf9b-8eab-4c82-b525-a5d2f9a767bb@varteg.nz>
 <38920A4B-790D-48C7-B2F6-C49D3F506232@rwec.co.uk>
Content-Language: en-GB
In-Reply-To: <38920A4B-790D-48C7-B2F6-C49D3F506232@rwec.co.uk>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Hosts-DKIM-Check: none
From: weedpacket@varteg.nz (Morgan)

On 2024-07-28 00:36, Rowan Tommins [IMSoP] wrote:
> 
> 
> On 27 July 2024 00:58:17 BST, Morgan <weedpacket@varteg.nz> wrote:
>>
>> I'm not talking about the MD5 or SHA1 algorithms or whether they should or shouldn't be used. I'm just talking about the functions themselves. md5(), md5_file(), sha1(), and sha1_file(). They only exist because there wasn't the generic hash algorithm extension when they were created.
> 
> I understand what is being claimed (and you're not the only one claiming it), I'm just not convinced it's true.

I'm just looking at the manual's version information about when the 
functions were introduced. Seems pretty unambiguous: md5, sha1, hash: 
versions 3, 4, and 5 (via PECL).

 > I think they have standalone functions for the same reason we added 
str_contains and str_starts_with - because it's convenient to have 
straightforward functions for common use cases.
> 
Because there weren't any purpose-built functions that did the job, 
forcing users to use other functions in expensive ways for what is 
internally a pretty simple task. There is a purpose-built function for 
hashing.

> The hash() function is like a 60-piece set of interchangeable screwdriver heads, which only professionals and enthusiasts need; md5() and sha1() are like the flat-head and Phillips screwdrivers that everyone has in a drawer somewhere.
> 
> The thing that always surprises me is that PHP *doesn't* have a standalone function for SHA-256, which is the only other I've ever used.
> 

Why a SHA2 algorithm? Why not a SHA3 one? How about standalone functions 
for both, and then when SHA4 comes along (as it inevitably will) another 
standalone function for one of its variants?


> To continue the analogy, we're missing a Pozidriv screwdriver, so people are misusing the Phillips one. The RFC is suggesting that we take away their flat-head and Phillips screwdrivers, and leave them with the 60-piece set, and no instructions.
> 
> My suggestion is we instead give them a Pozidriv screwdriver, and write some tips on how to use it correctly.
> 
Or leave them them the 60-piece set (which includes flat-head and 
Phillips screwdrivers, so they're not being taken away), and write some 
tips on how to use it correctly.

> Regards,
> Rowan Tommins
> [IMSoP]