diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-07 15:43:26 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-07 15:43:26 +0200 |
commit | 032f862133dbd2acc04cb75004428d6209f6046b (patch) | |
tree | c56bc8b35d7a82bbdeece6986750a3aefdbe1f57 /UPGRADING | |
parent | f4b2497ad8c366d276689dd1c7e3a84c33c11d9b (diff) | |
download | php-git-032f862133dbd2acc04cb75004428d6209f6046b.tar.gz |
Drop support for crypt() without explicit salt
crypt() without salt generates a weak $1$ MD5 hash. It has been
throwing a notice since 2013 and we provide a much better alternative
in password_hash() (which can auto-generate salts for strong
password hashes), so keeping this is just a liability.
Diffstat (limited to 'UPGRADING')
-rw-r--r-- | UPGRADING | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -576,6 +576,9 @@ PHP 8.0 UPGRADE NOTES $ctx = stream_context_create(['http' => ['protocol_version' => '1.0']]); echo file_get_contents('http://example.org', false, $ctx); + . Calling crypt() without an explicit salt is no longer supported. If you + would like to produce a strong hash with an auto-generated salt, use + password_hash() instead. - Sysvmsg: . msg_get_queue() will now return an SysvMessageQueue object rather than a |