Request for Comments: Prefer PHP's Builtin Crypt over System versions


In order to provide a consistent implementation of all crypt() algorithms for all users of PHP, it is proposed that in an upcoming release of PHP, we always use the PHP-provided versions of all supported algorithms.


  1. It will simplify the m4 files for the crypt() extension.
  2. It will provide consistent behaviour for all users of PHP.
  3. It is internally consistent with other, similar decisions such as bundling our own timezone database and versions of various hashing algorithms.
  4. The crypt() documentation has recently been dramatically improved, but only documents the built-in algorithms. An effort to maintain a list of possible system-level incompatibilities would probably be prohibitive.
  5. Prevent the filing of bugs when different systems use different crypt()


  1. Some systems vendors have previously shown resistance to PHP preferring its bundled versions of facilities the OS provides
  2. ???


rfc/builtincrypt.txt · Last modified: 2017/09/22 13:28 (external edit)