On Tue, 11 Feb 2020 at 09:34, AllenJB email@example.com> wrote:
> If you want to change the way developers think about hashing when
> writing PHP, I would start with the documentation rather than
> deprecating functions which are essentially aliases and are highly
> likely used all over the place in cases where they do exactly what
> people want.
I agree. It isn't wrong to use MD5 or SHA1 in the right situation (or even
CRC32). The documentation can tell people when they can use these
algorithms, and when they must not think about using them. Mark them in the
documentation as "RECOMMENDED DO NOT USE" and guide people away.