Re: [RFC] [VOTE] Deprecations for PHP 8.4

From:	Rowan Tommins [IMSoP]	Date:	Fri, 26 Jul 2024 06:44:17 +0000
Subject:	Re: [RFC] [VOTE] Deprecations for PHP 8.4
References:	1 2 3 4 5 6 7 8	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

On 25 July 2024 23:54:53 BST, Nick Lockheart <[email protected]> wrote:
>Doesn't password_hash() handle this automatically? The result of the
>password_hash() function includes the hash and the algorithm used to
>hash it. That way password_verify() magically works with the string
>that came from password_hash().

For password hashing, you are always retrieving the hash for a specific user, and then making a
yes/no decision about it. Indeed, it's an explicit aim that an attacker can't take a
password and quickly scan a captured database for matching hashes.

For other uses of hashes, though, the opposite is true: you want to search for matching hashes. For
instance, when you store a file in git, it calculates the SHA1 hash of its content to use as a
lookup key. If that key already exists in the local database, it assumes the content is the same.

That also demonstrates another difference: hashes are often shared between applications, where they
need to be using an agreed algorithm. If a package manager requires SHA1 hashes of each file, you
can't just substitute SHA256 hashes without some other agreed changes.

Tempting though a "secure_hash" function is, I don't think it's practical for a
lot of the places hashing is used.

Regards,
Rowan Tommins
[IMSoP]


   

Thread (97 messages)

• Gina P. BanyardFri, 19 Jul 2024 17:39:55 +0000
  • Jakub ZelenkaMon, 22 Jul 2024 10:59:53 +0000
    • Jakub ZelenkaMon, 22 Jul 2024 11:39:24 +0000
    • Christoph M. BeckerTue, 23 Jul 2024 14:32:47 +0000
    • Jakub ZelenkaSun, 28 Jul 2024 17:44:53 +0000
  • Derick RethansMon, 22 Jul 2024 16:04:23 +0000
    • Peter StalmanWed, 24 Jul 2024 03:58:56 +0000
      • MorganWed, 24 Jul 2024 22:01:15 +0000
        • Peter StalmanThu, 25 Jul 2024 05:33:28 +0000
        • Rowan Tommins [IMSoP]Thu, 25 Jul 2024 21:34:08 +0000
          • Nick LockheartThu, 25 Jul 2024 22:00:51 +0000
            • Mike SchinkelThu, 25 Jul 2024 22:26:51 +0000
            • Juliette Reinders FolmerThu, 25 Jul 2024 22:44:20 +0000
              • Nick LockheartThu, 25 Jul 2024 22:54:53 +0000
                • Rowan Tommins [IMSoP]Fri, 26 Jul 2024 06:44:17 +0000
                  • Rob LandersFri, 26 Jul 2024 14:47:52 +0000
          • Mike SchinkelThu, 25 Jul 2024 22:22:17 +0000
          • MorganFri, 26 Jul 2024 23:58:17 +0000
            • Rowan Tommins [IMSoP]Sat, 27 Jul 2024 12:36:54 +0000
              • MorganSat, 27 Jul 2024 22:14:32 +0000
                • Rob LandersSat, 27 Jul 2024 22:25:49 +0000
                  • Tim DüsterhusTue, 30 Jul 2024 20:26:19 +0000
                    • Mike SchinkelWed, 31 Jul 2024 01:07:57 +0000
                      • MorganWed, 31 Jul 2024 21:15:58 +0000
                        • Mike SchinkelFri, 02 Aug 2024 06:34:46 +0000
                          • MorganFri, 02 Aug 2024 10:31:52 +0000
                          • Nick LockheartSun, 04 Aug 2024 11:42:19 +0000[RFC] Add Directive to Make All Namespaced Function Calls Global
                            • Christoph M. BeckerSun, 04 Aug 2024 12:08:22 +0000Re: [RFC] Add Directive to Make All Namespaced Function CallsGlobal
                              • Rowan Tommins [IMSoP]Mon, 05 Aug 2024 21:20:59 +0000Re: [RFC] Add Directive to M ake All Namespaced Function CallsGlobal
                            • Marco PivettaSun, 04 Aug 2024 12:23:23 +0000
                            • Ilija ToviloSun, 04 Aug 2024 17:15:43 +0000
                              • Nick LockheartSun, 04 Aug 2024 17:29:25 +0000
                                • Ilija ToviloSun, 04 Aug 2024 18:13:44 +0000
                                  • Nick LockheartSun, 04 Aug 2024 18:39:40 +0000
                                    • Ilija ToviloSun, 04 Aug 2024 20:01:22 +0000
                                      • Nick LockheartMon, 05 Aug 2024 08:22:08 +0000
                                        • Ilija ToviloMon, 05 Aug 2024 11:04:45 +0000
                                          • Nick LockheartMon, 05 Aug 2024 12:27:23 +0000
                                            • Ilija ToviloMon, 05 Aug 2024 13:07:56 +0000
                                              • Nick LockheartMon, 05 Aug 2024 13:33:17 +0000
                                                • Ilija ToviloMon, 05 Aug 2024 18:49:16 +0000
                                                  • Rob LandersMon, 05 Aug 2024 19:37:32 +0000
                • Rowan Tommins [IMSoP]Sun, 28 Jul 2024 06:42:29 +0000
                  • Kamil TekielaSun, 28 Jul 2024 12:24:34 +0000
                    • Tim DüsterhusTue, 30 Jul 2024 19:52:26 +0000
                  • MorganMon, 29 Jul 2024 01:19:20 +0000
                  • Tim DüsterhusTue, 30 Jul 2024 20:57:58 +0000
                    • Rowan Tommins [IMSoP]Wed, 31 Jul 2024 21:38:33 +0000
              • Mike SchinkelSun, 28 Jul 2024 03:54:10 +0000
                • MorganMon, 29 Jul 2024 01:19:23 +0000
                  • Mike SchinkelMon, 29 Jul 2024 04:11:54 +0000
                  • Rowan Tommins [IMSoP]Mon, 29 Jul 2024 06:47:12 +0000
                    • MorganMon, 29 Jul 2024 20:00:37 +0000
                      • Rowan Tommins [IMSoP]Mon, 29 Jul 2024 22:04:35 +0000
      • Tim DüsterhusThu, 25 Jul 2024 15:33:16 +0000
        • Nick LockheartThu, 25 Jul 2024 17:28:51 +0000
          • Tim DüsterhusThu, 25 Jul 2024 18:35:38 +0000
        • Peter StalmanFri, 26 Jul 2024 06:35:14 +0000
          • Peter StalmanFri, 26 Jul 2024 07:09:40 +0000
            • Gina P. BanyardFri, 26 Jul 2024 10:03:53 +0000
              • Reinis RozitisFri, 26 Jul 2024 10:55:31 +0000RE: [PHP-DEV] [RFC] [VOTE] Deprecations for PHP 8.4
              • Benjamin AußenhoferFri, 26 Jul 2024 11:10:46 +0000
              • Christoph M. BeckerFri, 26 Jul 2024 11:11:39 +0000
                • Larry GarfieldFri, 26 Jul 2024 14:20:00 +0000
                  • BilgeFri, 26 Jul 2024 14:34:17 +0000
                  • Rowan Tommins [IMSoP]Fri, 26 Jul 2024 17:33:20 +0000
                    • Christoph M. BeckerSat, 27 Jul 2024 11:24:12 +0000
                      • Mike SchinkelSun, 28 Jul 2024 04:33:18 +0000
                        • Tim DüsterhusTue, 30 Jul 2024 19:24:29 +0000
                      • Tim DüsterhusTue, 30 Jul 2024 19:20:24 +0000
                        • Christoph M. BeckerTue, 30 Jul 2024 21:43:25 +0000
                    • Tim DüsterhusTue, 30 Jul 2024 19:15:30 +0000
                      • Rowan Tommins [IMSoP]Wed, 31 Jul 2024 21:13:45 +0000
                        • Christoph M. BeckerWed, 31 Jul 2024 21:49:44 +0000
                  • Juliette Reinders FolmerSat, 27 Jul 2024 00:18:10 +0000
                    • Tim DüsterhusTue, 30 Jul 2024 19:04:11 +0000
              • Rowan Tommins [IMSoP]Fri, 26 Jul 2024 12:02:49 +0000
              • Mike SchinkelSat, 27 Jul 2024 01:11:49 +0000Re: [RFC] [VOTE] Deprecations for PHP 8.4 — Use a carrot, not a stick.
                • Mike SchinkelSat, 27 Jul 2024 01:18:14 +0000
                • Peter StalmanSat, 27 Jul 2024 10:01:56 +0000Re: [RFC] [VOTE] Deprecation s for PHP 8.4 — Use a carrot, not a stick.
          • Tim DüsterhusFri, 26 Jul 2024 11:58:48 +0000
            • Rob LandersFri, 26 Jul 2024 12:50:58 +0000
              • Tim DüsterhusFri, 26 Jul 2024 13:02:42 +0000
                • Rob LandersFri, 26 Jul 2024 13:25:28 +0000
              • Nick LockheartFri, 26 Jul 2024 20:13:28 +0000
            • Rowan Tommins [IMSoP]Fri, 26 Jul 2024 13:13:10 +0000
              • Christoph M. BeckerFri, 26 Jul 2024 14:27:53 +0000
              • Tim DüsterhusTue, 30 Jul 2024 19:00:05 +0000
            • Peter StalmanSat, 27 Jul 2024 09:54:12 +0000
  • Matthew Weier O'PhinneyTue, 23 Jul 2024 13:42:06 +0000
    • Larry GarfieldTue, 23 Jul 2024 14:04:18 +0000
      • Christoph M. BeckerTue, 23 Jul 2024 14:41:27 +0000
        • Larry GarfieldTue, 23 Jul 2024 14:54:30 +0000
      • Matthew Weier O'PhinneyTue, 23 Jul 2024 16:00:40 +0000
        • Larry GarfieldTue, 23 Jul 2024 16:26:59 +0000
          • Mike SchinkelWed, 24 Jul 2024 09:47:54 +0000
  • Gina P. BanyardSun, 04 Aug 2024 15:49:42 +0000