Re: [PHP-DEV] [RFC] deprecate md5_file and sha1_file

This is only part of a thread. view whole thread
  108444
February 10, 2020 21:57 george.banyard@gmail.com ("G. P. B.")
On Mon, 10 Feb 2020 at 22:50, Tom Van Looy via internals <
internals@lists.php.net> wrote:

> Hi > > While in some environments the use of MD5 and SHA1 are still acceptable for > some use cases like file integrity verification etc. the use of these > algorithms should be discouraged and not be your choice when developing new > applications. > > I suggest to deprecated the functions md5_file() and sha1_file(). This will > make people think about upgrading to a better alternative. If you still > need this functionality you can always switch to the hash_file() function. > > Carrying around these two dedicated functions seems a bit too much for a > modern PHP. What do you think? > > My feeling was that this is a no brainer. Should I open an RFC for this? > > Kind regards, > > Tom Van Looy >
I feel that if we deprecate the file versions of these algorithms we probably should also deprecate the ones which work with plain old strings, namely md5() and sha1(). [1] [2] It should be noted that these hash functions would still be available through the Hash extension which is always available as of PHP 7.4 as it became a core extension. Depending on how controversial these deprecations are they could be bundled with the big deprecation RFC for PHP 8.0, which is currently in draft. [3] George P. Banyard [1] https://www.php.net/manual/en/function.md5.php [2] https://www.php.net/manual/en/function.sha1.php [3] https://wiki.php.net/rfc/deprecations_php_8_0