Re: [PHP-DEV] [RFC] deprecate md5_file and sha1_file

This is only part of a thread. view whole thread
  108447
February 10, 2020 22:43 derick@php.net (Derick Rethans)
On 10 February 2020 21:52:42 GMT, j adams <zardozrocks@gmail.com> wrote:
>I disagree. While MD5 and SHA1 might not be suitable for modern >cryptographic operations, these functions might be needed for legacy >situations -- e.g., munging through old data. > > >On Mon, Feb 10, 2020 at 1:50 PM Tom Van Looy via internals < >internals@lists.php.net> wrote: > >> Hi >> >> While in some environments the use of MD5 and SHA1 are still >acceptable for >> some use cases like file integrity verification etc. the use of these >> algorithms should be discouraged and not be your choice when >developing new >> applications. >> >> I suggest to deprecated the functions md5_file() and sha1_file(). >This will >> make people think about upgrading to a better alternative. If you >still >> need this functionality you can always switch to the hash_file() >function. >> >> Carrying around these two dedicated functions seems a bit too much >for a >> modern PHP. What do you think? >> >> My feeling was that this is a no brainer. Should I open an RFC for >this? >> >> Kind regards, >> >> Tom Van Looy >>
Deprecation doesn't mean immediate removal. It's a nudge to move to something better. Because this deprecation isn't in the last PHP 7, these functions can't be removed until PHP 9. cheers, Derick