On Mon, Jul 22, 2024 at 9:06 AM Derick Rethans <
[email protected] <
mailto:[email protected]>> wrote:
- Deprecate md5(), sha1(), md5_file(), and sha1_file() (just says
"large
impact")
About 1.2 million.
https://github.com/search?q=%28md5+OR+md5_file+OR+sha1+OR+sha1_file%29+language%3APHP+&type=code <
https://github.com/search?q=%28md5+OR+md5_file+OR+sha1+OR+sha1_file%29+language%3APHP+&type=code>
On the other hand, who will be impacted by these deprecations? Potentially everyone, as these are included in many projects and in many vendor packages. It's busy work for the people who aren't affected. Sure, eventually, it will all be sorted out as CI warnings slowly subside because of this.
Reasons such as GIT and most cloud storages using these functions should be enough to spare them. Example:
https://rclone.org/overview/ <
https://rclone.org/overview/>
The point is that there are several reasons in 2024 to use md5 and sha1. Granted hashing passwords isn't one, but we're past that as a community already. And for the few that aren't, I'd argue there is no saving.
And they would still be available as hash("md5") and hash("sha1"); the only reason they're called out as their own distinct functions today is historical inertia.