Newsgroups: php.internals
Date: Sun, 24 Jul 2016 13:50:56 +0900
To: "internals@lists.php.net"
Subject: [RFC][VOTE] Session ID without hashing - Reopened
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi all,

Due to a defect in the RFC, the vote is reopened for a week.
Removed lines are indicated by .
No additional lines or modifications other than the removed lines for the session.use_strict_mode change.
Sorry for the confusion!

============

Currently the session module uses obsolete MD5 for the session ID. With a CSPRNG, hashing is redundant and needless. It adds a hash module dependency and is inefficient (there is no reason to use a hash for CSPRNG-generated bytes). This proposal cleans up the session code by removing the hash.

https://wiki.php.net/rfc/session-id-without-hashing

I set the vote to require 2/3 support. Please describe the reason why when you are against this RFC. Reasons are important for improvements!

Thank you!

--
Yasuo Ohgaki
yohgaki@ohgaki.net
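
An added example, not part of the original message and not the session module's own code: it builds an ID directly from `random_bytes()` output and contrasts it with an MD5-hashed ID, to show that the digest contributes no unpredictability and fixes the ID at 128 bits. The function names, the alphabet, and the length and bits-per-character parameters are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode CSPRNG bytes straight into an ID string,
// consuming $bitsPerChar bits (4, 5 or 6) of random data per character.
function sid_from_csprng(int $length, int $bitsPerChar): string
{
    // Alphabet chosen for this example; 64 symbols cover up to 6 bits.
    $alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-';
    if ($length < 1 || $bitsPerChar < 4 || $bitsPerChar > 6) {
        throw new InvalidArgumentException('unsupported length or bits per character');
    }
    // Request exactly enough random bytes to cover every output character.
    $bytes = random_bytes(intdiv($length * $bitsPerChar + 7, 8));
    $mask = (1 << $bitsPerChar) - 1;
    $acc = 0;   // bit accumulator
    $have = 0;  // unread bits currently held in $acc
    $pos = 0;   // next byte to read from $bytes
    $sid = '';
    while (strlen($sid) < $length) {
        if ($have < $bitsPerChar) {
            $acc |= ord($bytes[$pos++]) << $have;
            $have += 8;
        }
        $sid .= $alphabet[$acc & $mask];
        $acc >>= $bitsPerChar;
        $have -= $bitsPerChar;
    }
    return $sid;
}

// Constructed stand-in for a hashed ID: MD5 over random bytes is still a
// 128-bit value, however much random input is fed into it.
function sid_hashed_md5(): string
{
    return md5(random_bytes(32));
}

// Every bit of the direct ID comes from the CSPRNG, so its strength is
// simply length * bits per character.
$direct = sid_from_csprng(32, 5);
$hashed = sid_hashed_md5();
printf("direct: %s (%d chars, %d random bits)\n", $direct, strlen($direct), 32 * 5);
printf("hashed: %s (%d chars, %d bits)\n", $hashed, strlen($hashed), strlen($hashed) * 4);
```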