On Mon, Jul 15, 2024 at 4:31 PM Tim Düsterhus <[email protected]> wrote:
>
> Yes it does. SHA-256 is safer than MD5. And on modern CPUs with sha_ni
> extensions, it's also faster. The following is on a Intel i7-1365U:
>
> > $ openssl speed md5 sha1 sha256 sha512
> > *snip*
> > version: 3.0.10
> > built on: Wed Feb 21 10:45:39 2024 UTC
> > options: bn(64,64)
> > compiler: *snip*
> > CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x98c027bc239c27eb
> > The 'numbers' are in 1000s of bytes per second processed.
> > type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
> > md5 114683.10k 286174.51k 550288.90k 715171.50k 783611.22k
> > 788556.46k
> > sha1 138578.57k 440607.38k 1082163.29k 1674088.45k 2017296.38k
> > 2047377.41k
> > sha256 150670.11k 460483.71k 1054829.57k 1553830.57k 1807897.94k
> > 1823981.57k
> > sha512 41246.76k 181566.07k 341457.66k 645468.50k 781042.81k
> > 804296.02k
> Tim Düsterhus
Oh, that's interesting information. Blindly assuming that md5 was
faster than sha256, I did occasionally use md5 for non security
sensitive things like creating hashes used as cache keys or something
similar.
Consider something like:
$cache_key = md5(json_encode([
'query' => "SELECT * FROM books WHERE author = ? LIMIT $offset,$limit",
'params' => $params,
'db' => 'kids_books',
]));
I think that would resolve my last possible reason for continuing to use md5.