crypt() should be deprecated because it can be used to create bad password 
hashes:

* descrypt: 12 bits of salt is too small and it's ~100x faster to crack than 
md5crypt, which itself is too fast for password crackers (see CVE-2012-3287).
* Extended DES: 24 bits of salt is too small.
* md5crypt is too fast for password crackers (see CVE-2012-3287).
* sha256crypt and sha512crypt are dangerous (see CVE-2016-20013).

Since password_verify() and password_needs_rehash() already support hashes 
created with crypt(), the only thing needed to do is remove crypt().

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
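
An added example, not part of the original message: finding which stored hashes use the crypt() schemes listed above, and replacing them at login with password_verify() and password_needs_rehash(). The function names `classify_hash` and `verify_and_upgrade` are hypothetical, and the legacy sample hash is constructed at run time.

```php
<?php
// Added example (not from the original message); function names are hypothetical.

/** Identify the crypt(3) scheme of a stored hash from its format. */
function classify_hash(string $hash): string
{
    $patterns = [
        'bcrypt'       => '/^\$2[axy]\$\d{2}\$[.\/0-9A-Za-z]{53}$/',
        'argon2'       => '/^\$argon2(i|id)\$/',
        'sha512crypt'  => '/^\$6\$/',
        'sha256crypt'  => '/^\$5\$/',
        'md5crypt'     => '/^\$1\$/',
        // "_" + 4 chars iteration count + 4 chars salt + 11 chars hash
        'extended-des' => '/^_[.\/0-9A-Za-z]{19}$/',
        // 2 chars salt + 11 chars hash, no prefix
        'descrypt'     => '/^[.\/0-9A-Za-z]{13}$/',
    ];
    foreach ($patterns as $name => $re) {
        if (preg_match($re, $hash) === 1) {
            return $name;
        }
    }
    return 'unknown';
}

/**
 * Verify a login attempt against a stored hash of any supported scheme.
 * Returns [verified, replacement hash or null]; the caller persists the
 * replacement so the legacy hash disappears from storage.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $replacement = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $replacement];
}

// Constructed sample: a legacy md5crypt hash as an old application might hold.
$legacy = crypt('correct horse', '$1$saltsalt$');
echo 'stored scheme:   ', classify_hash($legacy), "\n";

[$ok, $upgraded] = verify_and_upgrade('correct horse', $legacy);
echo 'verified:        ', var_export($ok, true), "\n";
echo 'upgraded scheme: ', $upgraded === null ? 'none' : classify_hash($upgraded), "\n";
```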
