Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:20086 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 53719 invoked by uid 1010); 16 Nov 2005 23:46:13 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 53703 invoked from network); 16 Nov 2005 23:46:13 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 16 Nov 2005 23:46:13 -0000 X-Host-Fingerprint: 72.21.46.202 prometheus.powertrip.co.za NetCache 5.3-5.5 Received: from ([72.21.46.202:53640] helo=prometheus.powertrip.co.za) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id B0/CA-07637-4C4CB734 for ; Wed, 16 Nov 2005 18:46:12 -0500 Received: from prometheus.powertrip.co.za ([72.21.46.202] helo=[127.0.0.1]) by prometheus.powertrip.co.za with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.52 (FreeBSD)) id 1EcWyc-000CwL-4h; Thu, 17 Nov 2005 01:46:08 +0200 Message-ID: <437BC4B6.8000401@powertrip.co.za> Date: Thu, 17 Nov 2005 01:45:58 +0200 User-Agent: Thunderbird 1.5 (Windows/20051025) MIME-Version: 1.0 To: Sara Golemon CC: internals@lists.php.net References: <20051115221143.GA28082@hardened-php.net> <437B08C8.20804@iamjochem.com> <437B0C46.3080809@php.net> <75.66.07637.9497B734@pb1.pair.com> <437B7B73.602@prohost.org> <0C.77.07637.85C7B734@pb1.pair.com> <003b01c5eae0$7235ceb0$5c8be5a9@ohr.berkeley.edu> In-Reply-To: <003b01c5eae0$7235ceb0$5c8be5a9@ohr.berkeley.edu> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Scan-Signature: b0fe733363ffddc51b70732deff2cb5a X-Authenticated-Sender: jacques@powertrip.co.za Subject: Re: [PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support From: jacques@powertrip.co.za (Jacques Marneweck) Sara Golemon wrote: > Right, so bottom line, MD5 is showing signs of fatigue. Not "broken" or > even significantly weak when used properly, but she's in the twlight years > and it's time to send ma to the old folks home for some rest and green > jello. > Also there are sites hosting md5 hashes and the equivalent text for password cracking. > SHA1 isn't quite the matriach yet, but despite having miles to go before she > sleeps, it is prudent to bring along the next generation so they can pay the > medical bills when a bout of breast cancer stikes her out of the blue. > lol > Where the hell was I? Oh yeah... +1 on tossin' in sha256() and > sha256_file(). > +1 *snip* > Of course, these reservations are just about dulling down the scissor edges > for little Sammy Scripter who doesn't know any better. If I'm going to avoid > being hypocritcal then I have to toss out those arguments at the end of the > day and say I'm +0 on 'em. That is, if there's a strong push to include > them, I'll dig out my 384/512 implementations (which are straight math, no > library deps) and toss 'em in with Steffan's sha256(), but only for PHP 6.0 > (or PHP 5.1.1 if the RM feels that's appropriate). > Might be useful to squeeze it into 5.1.0, seeing that new features are normally not allowed to sneak in during a maintenance release? Regards --jm > -Sara > -- Jacques Marneweck http://www.powertrip.co.za/blog/