Hi! On 2/19/22 6:03 PM, st...@tobtu.com wrote:
crypt() should be deprecate because it can be used to create bad password hashes:
I don't think it's a good reason for deprecating functions. A lot of functions, if used incorrectly, could produce bad results, it's not the reason to not use them correctly.
Since password_verify() and password_needs_rehash() already supports hashes created with crypt(), the only thing needed to do is remove crypt().
Removing it would cause serious BC issues with no practical gain. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
