Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.
  • Root
  • » PHP
  • » [PHP-DEV] Re: PHP 5.1.0 - sha256() and sha256_file() support [RSS Feed]

#1 Nov. 16, 2005 01:31:28

Sara G.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] Re: PHP 5.1.0 - sha256() and sha256_file() support


>> with MD5 and SHA1 more or less broken
>>
Overstatement much?

>> I have hacked together sha256() and sha256_file(),
>>
The more the merrier I say...

> There will be another RC, but I'd prefer to reserve
> this feature till PHP 5.1.1.
>
I've had implementations of sha256,384, and 512 lying about for months now
(possibly over a year), but was told they didn't have a place in core since
mhash provided the functionality (A statement I recall agreeing with at the
time fwiw). What changed?

-Sara

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#2 Nov. 16, 2005 01:39:11

Ilia A.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] Re: PHP 5.1.0 - sha256() and sha256_file() support


Sara Golemon wrote:
> I've had implementations of sha256,384, and 512 lying about for months now
> (possibly over a year), but was told they didn't have a place in core since
> mhash provided the functionality (A statement I recall agreeing with at the
> time fwiw). What changed?

Didn't you hear md5/sha1 are cracked in seconds by evil governments and
corporations, put on your tin foil hat TODAY!

I think the issue is that mhash is a relatively rare extension due to a
dependency on a library that is rarely available. I think that perhaps
for 6.0 we need to look into a php extension that could provide some
commonly used hashes without any decencies.

Ilia

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#3 Nov. 16, 2005 01:44:18

Stefan E.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] Re: PHP 5.1.0 - sha256() and sha256_file() support


>I've had implementations of sha256,384, and 512 lying about for months now
>(possibly over a year), but was told they didn't have a place in core since
>mhash provided the functionality (A statement I recall agreeing with at the
>time fwiw). What changed?
>
>
Since a year a lot of things have changed. The progress in md5 and sha1
collision generation have been huge.

And it is really not needed to have every single hash function in core
because then you can really use mhash, but we should have atleast one in
the core, that is fit enough to survive the next months/years. Otherwise
the majority of people will not have access to it, because their hoster
does not provide mhash. (and many big open source PHP project simply
don't use functions that are not in the core)

Stefan

--
--------------------------------------------------------------------------
Stefan Esser
Hardened-PHP Projecthttp://www.hardened-php.net/GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0x15ABDA78
Key fingerprint 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78
--------------------------------------------------------------------------

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#4 Nov. 16, 2005 02:17:40

William A.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] Re: PHP 5.1.0 - sha256() and sha256_file() support


Sara Golemon wrote:with MD5 and SHA1 more or less brokenOverstatement much?

I've had implementations of sha256,384, and 512 lying about for months now
(possibly over a year), but was told they didn't have a place in core since
mhash provided the functionality (A statement I recall agreeing with at the
time fwiw). What changed?One consideration, if one wanted to deploy PHP in a FIPS compliant manner,
is that reimplementations of these algorithms is not acceptable. One clean
solution if linked against OpenSSL is to dispatch sha256/384/512 to those
certified algorithms.

But in any case, all three certainly make sense. Adding sha256 alone sure
seems like a false start.

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

  • Root
  • » PHP
  • » [PHP-DEV] Re: PHP 5.1.0 - sha256() and sha256_file() support [RSS Feed]

Board footer

Moderator control

Enjoy the 20th of November
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support