On Mon, 21 Feb 2022 at 16:44, <[email protected]> wrote: > If crypt() is removed [...] The only thing you lose is creating those bad > password hashes.
That's not exactly fair, as noted by Tim, `crypt()` can be used for other software (e.g. Dovecot); and by Hans for modifying `/etc/shadow`. While I would warn most developers away from using crypt(), because it is dangerous, it can still be useful (dare I say it, md5, terrible idea, but sometimes you need it when integrating with other systems). Craig On Mon, 21 Feb 2022 at 10:11, Tim Düsterhus <[email protected]> wrote: > crypt() allows one to interoperate with non-PHP-software that does not > support BCrypt, but supports the SHA-X variants. I already mentioned > Dovecot as an example. On Mon, 21 Feb 2022 at 12:04, Hans Henrik Bergan <[email protected]> wrote: > script modifying a linux system's /etc/passwd / /etc/shadow using crypt() > because password_hash() couldn't create passwd/shadow-compatible hashes > while crypt() could
