====== PHP RFC: Add sha256() and sha256_file() functions ====== * Version: 0.1 * Date: 2024-09-19 * Author: Rowan Tommins * Status: Draft * First Published at: http://wiki.php.net/rfc/add-sha256-function ===== Introduction ===== PHP currently has dedicated functions for calculating MD5 and SHA-1 hashes, both of which were once common but are now considered broken from a security point of view. It is widely recommended to use SHA-256 for the purposes these were previously suited to, but PHP lacks dedicated functions to do so. This RFC proposes to add functions for calculating a SHA-256 hash from a string (sha256()), and from a file (sha256_file()). It also proposes to move these functions from ''ext/standard'' to ''ext/hash'', primarily as an aid to organising the official manual. ===== Proposal ===== The following new functions will be added: ===== Why standalone functions? ===== A proposal to deprecate the md5(), sha1(), md5_file(), and sha1_file() functions in the bulk [[rfc/deprecations_php_8_4#deprecate_md5_sha1_md5_file_and_sha1_file|deprecations for PHP 8.4 RFC]] was declined. Its rationale said, in part:
Unfortunately these cryptographically secure hash functions are only available by means of the generic hash() function (and the closely related hash_init(), hash_file(), and hash_hmac functions), making using them more verbose and thus seemingly more complicated than the standalone md5(), sha1(), md5_file(), and sha1_file() functions [...]
The hash() family of functions (including hash_file, hash_init(), and more) form a powerful "toolkit" ===== Why SHA-256 and SHA-512? ===== ===== Comparison with other languages ===== * Python's [[https://docs.python.org/3/library/hashlib.html|hashlib]] module provides named constructors for each supported algorithm; the minimum list is MD5, SHA-1, four variants of SHA-2 (''sha224()'', ''sha256()'', ''sha384()'', and ''sha512()''), four variants of SHA-3, two of SHAKE, and two of BLAKE2. The SHA-3, SHAKE, and BLAKE2 algorithms were added in Python 3.6 (2016). * C# has [[https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.hashalgorithm?view=net-8.0|classes derived from ''HashAlgorithm'']] for ''MD5'', ''SHA1'', ''SHA256'', ''SHA384'', ''SHA512'', ''SHA3_256'', ''SHA3_384'', and ''SHA3_512''; separate classes (outside of that hierarchy) also exist for ''Shake128'' and ''Shake256''. * Java provides only a universal constructor [[https://docs.oracle.com/en/java/javase/23/docs/api/java.base/java/security/MessageDigest.html|''MessageDigest.getInstance(String algorithm)'']]. The minimum set of algorithms supported is SHA-1 and SHA-256. * Apple CryptoKit (for Swift) has [[https://developer.apple.com/documentation/cryptokit/hashfunction|classes adopting the ''HashFunction'' protocol]] for ''SHA256'', ''SHA384'', and ''SHA512''. * Ruby's [[https://docs.ruby-lang.org/en/3.3/Digest.html|Digest module]] provides classes for MD5, RIPEMD-160, SHA1, and SHA2 (both via ''Digest::SHA2.new(bitlen)'' and short-hand ''Digest::SHA256'', ''Digest::SHA384'', and ''Digest::SHA512''). * Go's [[https://pkg.go.dev/crypto#pkg-functions|standard-library ''crypto'' package]] includes classes for ''md5'', ''sha1'', ''sha256'' (which also implements SHA-224), and ''sha512'' (which also implements SHA-384, SHA-512/224 and SHA-512/256). * The Web Crypto API (for JavaScript) [[https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|has a single ''digest()'' method]] taking a string algorithm name; the only supported algorithms are 'SHA-1', 'SHA-256', 'SHA-384', and 'SHA-512'. * As far as I can see, Rust and Perl do not provide any digest functions in their standard libraries. Some databases also provide standalone functions for common hashing algorithms: * MySQL has functions for ''md5()'' and ''sha1()'', plus [[https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2|a combined ''sha2()'' function]] which takes an argument to select SHA-224, SHA-256, SHA-384, or SHA-512. * PostgreSQL offers built-in ''sha224()'', ''sha256()'', ''sha384()'', and ''sha512()'' functions [[https://www.postgresql.org/docs/11/release-11.html#id-1.11.6.27.5.7|since version 11.0]] (released in 2018). Prior versions offered only ''md5()'' outside of an optional extension, as [[https://www.postgresql.org/message-id/flat/7b5fca2d-1c5d-a991-fe5c-3851ad57017d%402ndquadrant.com|discussed in the patch proposing them]]. * Microsoft SQL Server has only [[https://learn.microsoft.com/en-us/sql/t-sql/functions/hashbytes-transact-sql?view=sql-server-ver16|a ''HASHBYTES'' function]], which takes an algorithm as a string, and accepts ''MD2'', ''MD4'', ''MD5'', ''SHA'', ''SHA1'', ''SHA2_256'', and ''SHA2_512'' (the algorithm older than SHA-2 log a deprecation notice) * Presto and Trino (big data query engines used by tools like Amazon Athena) include [[https://trino.io/docs/current/functions/binary.html#hashing-functions|nine hashing functions]] - like PHP these include ''crc32()'', ''md5()'' and ''sha1''; ''sha256()'' and ''sha512()'' variants of SHA-2, plus two variants of SpookyHashV2, one of xxHash, and one of Murmur3 ===== Backward Incompatible Changes ===== What breaks, and what is the justification for it? ===== Proposed PHP Version(s) ===== List the proposed PHP versions that the feature will be included in. Use relative versions such as "next PHP 8.x" or "next PHP 8.x.y". ===== RFC Impact ===== ==== To SAPIs ==== Describe the impact to CLI, Development web server, embedded PHP etc. ==== To Existing Extensions ==== Will existing extensions be affected? ==== To Opcache ==== It is necessary to develop RFC's with opcache in mind, since opcache is a core extension distributed with PHP. Please explain how you have verified your RFC's compatibility with opcache. ==== New Constants ==== Describe any new constants so they can be accurately and comprehensively explained in the PHP documentation. ==== php.ini Defaults ==== If there are any php.ini settings then list: * hardcoded default values * php.ini-development values * php.ini-production values ===== Open Issues ===== Make sure there are no open issues when the vote starts! ===== Unaffected PHP Functionality ===== List existing areas/features of PHP that will not be changed by the RFC. This helps avoid any ambiguity, shows that you have thought deeply about the RFC's impact, and helps reduces mail list noise. ===== Future Scope ===== This section details areas where the feature might be improved in future, but that are not currently proposed in this RFC. ===== Proposed Voting Choices ===== Include these so readers know where you are heading and can discuss the proposed voting options. ===== Patches and Tests ===== Links to any external patches and tests go here. If there is no patch, make it clear who will create a patch, or whether a volunteer to help with implementation is needed. Make it clear if the patch is intended to be the final patch, or is just a prototype. For changes affecting the core language, you should also provide a patch for the language specification. ===== Implementation ===== After the project is implemented, this section should contain - the version(s) it was merged into - a link to the git commit(s) - a link to the PHP manual entry for the feature - a link to the language specification section (if any) ===== References ===== Links to external references, discussions or RFCs ===== Rejected Features ===== Keep this updated with features that were discussed on the mail lists.