-
-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
misc: Replace sha1()
by hash('sha1', ...)
#544
Conversation
The dedicated `sha1()` function is proposed for deprecation with PHP 8.4: https://wiki.php.net/rfc/deprecations_php_8_4#deprecate_md5_sha1_md5_file_and_sha1_file For a future change it might also be considered to move to a cheaper hash function. The xxHash family (available as `xxh*`) is faster and should be sufficiently collision resistant for use within the cache.
Hi @TimWolla thank you!
Could we not use it already? What particular function(s) would work here? |
We probably can. For this PR I just proposed the minimally viable change, because I did not have the time to thoroughly investigate what replacement would be appropriate.
As suggested in the commit message, the xxHash family might be appropriate. An alternative might be using preg_replace_callback('/[^a-zA-Z0-9]/', static function ($matches) {
return sprintf('_%02x', ord($matches[0]));
}, $key); This would be guaranteed to be collision resistant, because it's a bijection. It would also make the cache identifiers human-readable. |
For future reference: symfony/symfony#47094 |
Hello @TimWolla, thanks for the original work and explanations. After reading a bit about this topic (check this php.watch article for instance), I've decided to use the I also moved the hash logic into one place only. I'll wait for your approbation before merging. NB: squash commit message to be used:
|
Changes look good to me. You are the Valinor expert anyway 😄 The primary goal of this PR was not to be merged directly, but to start a discussion for you to make a good decision. |
I wouldn't be an expert without the community around this tool, composed by many excellent PHP developers. 😉 Thanks again! |
The dedicated
sha1()
function is proposed for deprecation with PHP 8.4: https://wiki.php.net/rfc/deprecations_php_8_4#deprecate_md5_sha1_md5_file_and_sha1_fileFor a future change it might also be considered to move to a cheaper hash function. The xxHash family (available as
xxh*
) is faster and should be sufficiently collision resistant for use within the cache.