Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:20046 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 23056 invoked by uid 1010); 16 Nov 2005 01:43:47 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 23038 invoked from network); 16 Nov 2005 01:43:47 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 16 Nov 2005 01:43:47 -0000 X-Host-Fingerprint: 81.169.145.161 natfrord.rzone.de Solaris 8 (1) Received: from ([81.169.145.161:37327] helo=natfrord.rzone.de) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id 9F/2B-07637-2DE8A734 for ; Tue, 15 Nov 2005 20:43:47 -0500 Received: from [192.168.1.77] (p5087404E.dip.t-dialin.net [80.135.64.78]) by post.webmailer.de (8.13.1/8.13.1) with ESMTP id jAG1hglh026969; Wed, 16 Nov 2005 02:43:43 +0100 (MET) Message-ID: <437A8ECE.6070208@hardened-php.net> Date: Wed, 16 Nov 2005 02:43:42 +0100 User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Sara Golemon CC: internals@lists.php.net References: <20051115221143.GA28082@hardened-php.net> <003d01c5ea4d$61bbdbd0$5c8be5a9@ohr.berkeley.edu> In-Reply-To: <003d01c5ea4d$61bbdbd0$5c8be5a9@ohr.berkeley.edu> X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Re: PHP 5.1.0 - sha256() and sha256_file() support From: sesser@hardened-php.net (Stefan Esser) >I've had implementations of sha256,384, and 512 lying about for months now >(possibly over a year), but was told they didn't have a place in core since >mhash provided the functionality (A statement I recall agreeing with at the >time fwiw). What changed? > > Since a year a lot of things have changed. The progress in md5 and sha1 collision generation have been huge. And it is really not needed to have every single hash function in core because then you can really use mhash, but we should have atleast one in the core, that is fit enough to survive the next months/years. Otherwise the majority of people will not have access to it, because their hoster does not provide mhash. (and many big open source PHP project simply don't use functions that are not in the core) Stefan -- -------------------------------------------------------------------------- Stefan Esser sesser@php.net Hardened-PHP Project http://www.hardened-php.net/ GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0x15ABDA78 Key fingerprint 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78 --------------------------------------------------------------------------