Drop support for crypt() without explicit salt

crypt() without salt generates a weak $1$ MD5 hash. It has been throwing a notice since 2013 and we provide a much better alternative in password_hash() (which can auto-generate salts for strong password hashes), so keeping this is just a liability.
author: Nikita Popov <nikita.ppv@gmail.com> 2020-09-07 15:43:26 +0200
committer: Nikita Popov <nikita.ppv@gmail.com> 2020-09-07 15:43:26 +0200
commit: 032f862133dbd2acc04cb75004428d6209f6046b (patch)
tree: c56bc8b35d7a82bbdeece6986750a3aefdbe1f57 /UPGRADING
parent: f4b2497ad8c366d276689dd1c7e3a84c33c11d9b (diff)
download: php-git-032f862133dbd2acc04cb75004428d6209f6046b.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/UPGRADING b/UPGRADING
index d18bc98eeb..0621d8eade 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -576,6 +576,9 @@ PHP 8.0 UPGRADE NOTES
 
         $ctx = stream_context_create(['http' => ['protocol_version' => '1.0']]);
         echo file_get_contents('http://example.org', false, $ctx);
+  . Calling crypt() without an explicit salt is no longer supported. If you
+    would like to produce a strong hash with an auto-generated salt, use
+    password_hash() instead.
 
 - Sysvmsg:
   . msg_get_queue() will now return an SysvMessageQueue object rather than a
author	Nikita Popov <nikita.ppv@gmail.com>	2020-09-07 15:43:26 +0200
committer	Nikita Popov <nikita.ppv@gmail.com>	2020-09-07 15:43:26 +0200
commit	032f862133dbd2acc04cb75004428d6209f6046b (patch)
tree	c56bc8b35d7a82bbdeece6986750a3aefdbe1f57 /UPGRADING
parent	f4b2497ad8c366d276689dd1c7e3a84c33c11d9b (diff)
download	php-git-032f862133dbd2acc04cb75004428d6209f6046b.tar.gz