Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:124692
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by qa.php.net (Postfix) with ESMTPS id 8F3A91A00B7
	for <internals@lists.php.net>; Tue, 30 Jul 2024 19:52:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1722369247; bh=G7QasefHMGD5RwOg0qrkhX8MXfirftrVTP2/2wEDC90=;
	h=Date:Subject:To:Cc:References:From:In-Reply-To:From;
	b=C1Y6n3HXN2MYhULcU6ktgEOHXUf/s9IJZZkkNjkS4CyWvMj+cKzlbym2CbDBDecfd
	 5EbMob1B+1gWyhM+6pjSGs8Ix1QydWjij6zp4c+ZWDElEeibicIuDi/ygYUZCDinBZ
	 XcYEseGgC6YSspQJDC/xpNmMRqBeoD7/PxkMmHL8bsqguSg/tcIjKgzQEZ93eVkEi5
	 dOmvLWx8jUTNBZ9aLS5rUh5MULiYzIWm6UeGXoLsOU+K1CTfh78zYwzKnuPidmnNP5
	 08kiNp34odb74XhodXoWRcnkZENBXJGiFn/TVrWB0XBi1YbpANckAkbGBhDghEpvdB
	 5jS4ToqMVBFfA==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 480E818003E
	for <internals@lists.php.net>; Tue, 30 Jul 2024 19:54:06 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=4.0.0
X-Spam-Virus: No
X-Envelope-From: <tim@bastelstu.be>
Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue, 30 Jul 2024 19:54:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be;
	s=mail20171119; t=1722369146;
	bh=R0tFNEdJ1bOyrEpv9RON9qptBqXSSGHv1/OKgVbDpQU=;
	h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:
	 In-Reply-To:Content-Type:from:to:cc:subject:message-id;
	b=Rd9HIfLzDq/BfFSKnUqZ540oRWeBOsIQk76cJc5lzOVPqXnDhvqyDicZ1VXTggbia
	 NuvjOC5uBQME1Oh1IBl/B7151ngN7EGauelXQobrYfqps0xyi8JQStzUX5zGDCeric
	 M9pM2cQ+IdafCGiY9bogvEXUwR+ydZaCMi12LqQOPXd6fzBAsy1Ye5BBe1VwKhX5TP
	 J7I2TKODJUkMDP3lKHjbL/ZkDTG2F7+xIeDbf3XFlb4XA8/3tLvL+LhHKAfoR7xaqm
	 aZWMflBycpgctdbQwVxiRVXnHAF+TjQRguyTS7xoZ5zlT74YJ8FKMXkt47kQjvrhAD
	 toV3OHm8/C/CA==
Message-ID: <03a76613-58e3-4b64-b906-360826d46fe3@bastelstu.be>
Date: Tue, 30 Jul 2024 21:52:26 +0200
Precedence: bulk
list-help: <mailto:internals+help@lists.php.net
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: internals.lists.php.net
x-ms-reactions: disallow
MIME-Version: 1.0
Subject: Re: [PHP-DEV] [RFC] [VOTE] Deprecations for PHP 8.4
To: Kamil Tekiela <tekiela246@gmail.com>,
 "Rowan Tommins [IMSoP]" <imsop.php@rwec.co.uk>
Cc: PHP internals <internals@lists.php.net>
References: <USzt7tZZlO1DmAbSTLhD-bqa23FqZn0zk2aah8Ndxgk9c7RY5PefQ8MjbYPUYAzr2_m4Cf-5AI4PuNBTS84rim_FNS6RaT-cWSv714HEvvU=@gpb.moe>
 <1a88918e-e808-d778-45e1-53797660e093@php.net>
 <CAPrKfG5Cw_nU7g7FR+t4C1-YZ8CDsDO_-sRs=yEsHO5kCTZL+A@mail.gmail.com>
 <c03eb187-bd21-4a4b-9faf-8d0243eaa994@varteg.nz>
 <aa6bc7aa-28d9-40ca-974f-65075adb6199@rwec.co.uk>
 <3563cf9b-8eab-4c82-b525-a5d2f9a767bb@varteg.nz>
 <38920A4B-790D-48C7-B2F6-C49D3F506232@rwec.co.uk>
 <0824789d-0e36-4628-85c1-4b8d9b7f86af@varteg.nz>
 <F791876D-1A33-4DB7-938A-DEC048493D87@rwec.co.uk>
 <CAGBsUrfqn9spaJfv+NWkCub0N-NgoK8uHRZew+beRO5pmRKqFg@mail.gmail.com>
Content-Language: en-US
In-Reply-To: <CAGBsUrfqn9spaJfv+NWkCub0N-NgoK8uHRZew+beRO5pmRKqFg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=C3=BCsterhus?=)

Hi

On 7/28/24 14:24, Kamil Tekiela wrote:
> I have voted yes only because I thought it's about removing inconsistent
> function alias. I can't see anything wrong with this hashing algorithms and
> I don't consider them unsafe. However, as someone pointed out this doesn't
> seem to be correct as the crc32 function isn't part of the depreciation
> proposal. I am confused now as to why we are trying to deprecate these

crc32() is different, because the hash() function is not a direct 
drop-in replacement. The crc32() function returns an integer, whereas 
the hash() function returns raw bytes / hex encoded bytes (as with all 
hash functions it provides). Unfortunately one also needs to remember to 
use the 'crc32b' algorithm value, because 'crc32' is taken up by the 
bit-reversed bzip2 variant of CRC32. The 'crc32b' naming is something 
PHP-specific and non-standard :-/

The standalone crc32() could probably also be deprecated, given the big 
red warning in documentation. But it's sufficiently different from the 
standalone md5() and sha1() functions to not bundle it with them.

> functions at all. If it's about people confusing the hashing algorithms
> with password key stretching algorithms then that's not a valid reason. A
> red warning in the documentation should aid people in clearing this
> confusion.

No, it's about MD5 and SHA-1 being a bad choice nowadays and 
nevertheless being more prominently available than the alternatives.

Best regards
Tim Düsterhus