Re: [PHP-DEV] [RFC] deprecate md5_file and sha1_file

This is only part of a thread. view whole thread
  108443
February 10, 2020 21:56 internals@lists.php.net ("Tom Van Looy via internals")
the hash_file() function still supports md5 and sha1 so people that need it
should then migrate to hash_file('md5', ...) or hash_file('sha1', ...)
instead. That was the idea

Kind regards,

Tom

On Mon, Feb 10, 2020 at 10:52 PM j adams <zardozrocks@gmail.com> wrote:

> I disagree. While MD5 and SHA1 might not be suitable for modern > cryptographic operations, these functions might be needed for legacy > situations -- e.g., munging through old data. > > > On Mon, Feb 10, 2020 at 1:50 PM Tom Van Looy via internals < > internals@lists.php.net> wrote: > >> Hi >> >> While in some environments the use of MD5 and SHA1 are still acceptable >> for >> some use cases like file integrity verification etc. the use of these >> algorithms should be discouraged and not be your choice when developing >> new >> applications. >> >> I suggest to deprecated the functions md5_file() and sha1_file(). This >> will >> make people think about upgrading to a better alternative. If you still >> need this functionality you can always switch to the hash_file() function. >> >> Carrying around these two dedicated functions seems a bit too much for a >> modern PHP. What do you think? >> >> My feeling was that this is a no brainer. Should I open an RFC for this? >> >> Kind regards, >> >> Tom Van Looy >> >
  108450
February 11, 2020 06:00 smalyshev@gmail.com (Stanislav Malyshev)
Hi!

> the hash_file() function still supports md5 and sha1 so people that need it > should then migrate to hash_file('md5', ...) or hash_file('sha1', ...) > instead. That was the idea
This means spending time and effort to cause extra work to people that already have working code with existing PHP and don't need our "help". I don't think we should be doing that. -- Stas Malyshev smalyshev@gmail.com