Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94356 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 95657 invoked from network); 2 Jul 2016 07:36:08 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 2 Jul 2016 07:36:08 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.182 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.220.182 mail-qk0-f182.google.com Received: from [209.85.220.182] ([209.85.220.182:35838] helo=mail-qk0-f182.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id A3/30-28154-3EE67775 for ; Sat, 02 Jul 2016 03:36:04 -0400 Received: by mail-qk0-f182.google.com with SMTP id u124so6111391qkh.2 for ; Sat, 02 Jul 2016 00:36:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:from:date:message-id:subject:to; bh=t8WC9aKc0snD3UwSKfYHiQjM5Mx1F/Pga4VIKtDp9SE=; b=RkA456v00SM6LfXVwetiiEGpeSrLa3Xzrhs7YvQ7vfuctI86RIEaV+SY8cL8Rwlhfw iOA92duiecaiQztpPGxPnqaVAolxP3QtnXmGlpJHUzFyZljWmmfJqcdUSiDGO8MuPCOr 3mibeGGQLAcmE8fExQexsZ2+saofmOiPbEg3kWImxIwlIMeAwenoPMzr7aZ4GSGIVd6E p8wIsd5gohbbsubQ3TYnbWv4nFX051HXVoXAULlDRZSQYDR1v+ga6odcc4z2eS/P/kdT pBQIsFCNpcwORrB0voDTqWu8q+X33d0Tq6UCEV0RXVZmQkwb6IZ5JjlWfDmK8NcNbdi4 lwsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to; bh=t8WC9aKc0snD3UwSKfYHiQjM5Mx1F/Pga4VIKtDp9SE=; b=cnFsySYjIXlLVez65APu65Re6+iTeVArEdMbxGh8zcfqZyjJQpv7L+iuKrFAV10lgd czOTRq4T+mNQcBlUcdDBKT6oWnoMw8zfJnMdsEW9mGLSbyNx04GEfRjV4iLgKA13F/As kUqBiAWTOkzf0cebd4LsZ37e+Sdr23pp9LvbNlPd/u0BGOGOJ9mUGjA8qZLB0NwXd7Dl V7mVzSj4J41M6gzslBoVdRdBNs+vXN65LsDrt6GZhV5kSD9AjK967uqiMaGt8msh+P6g vtvtRkeJajUxYjd1KYiiL8NCL+NC0ZQXuvWFaSY+lsY/iYap8fBlcwdolY12O5jQB8Jk U5Yw== X-Gm-Message-State: ALyK8tLSjHFwdmzbkuc09W4Kf9+F7H3Vo8z9zHH97+O9YDzfQIJLMYwgICHUK5W4YBj1ijD0YZiL8X0GHZa8HA== X-Received: by 10.55.140.69 with SMTP id o66mr2970538qkd.143.1467444961243; Sat, 02 Jul 2016 00:36:01 -0700 (PDT) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.140.17.33 with HTTP; Sat, 2 Jul 2016 00:35:21 -0700 (PDT) Date: Sat, 2 Jul 2016 16:35:21 +0900 X-Google-Sender-Auth: 4TblBcAoE4a4QJkxiZutDSy-cPM Message-ID: To: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: [RFC][VOTE] Session ID without hashing From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi all, Currently session module uses obsolete MD5 for session ID. With CSPRNG, hashing is redundant and needless. It adds hash module dependency and inefficient (There is no reason to use hash for CSPRNG generated bytes). This proposal cleans up session code by removing hash. https://wiki.php.net/rfc/session-id-without-hashing I set vote requires 2/3 support. Please describe the reason why when you against this RFC. Reasons are important for improvements! Thank you! -- Yasuo Ohgaki yohgaki@ohgaki.net