[wp-hackers] Rethinking check_admin_referer()

Robert Deaton false.hopes at gmail.com
Sat Apr 22 17:23:11 GMT 2006

On 4/22/06, Elliotte Harold <elharo at metalab.unc.edu> wrote:
> PHP is Turing complete. None of these would be all that hard to
> implement. Designing new, secure hash algorithms is tough. Porting them
> to a different language is a simple matter of coding and testing.

PHP is also an interpreted, loosely typed language. The difference
speed of a PHP version of an algorithm and the proper lower level C
implementation of the algorithm would be substantial, and like has
already been said, we're working in an area where speed is of the
utmost importance, delaying for an additional half a second while a
PHP sha256 or sha512 algorithm is run over a short hash is not
acceptable, especially when such algorithms depend on a PHP BigInt

You know, I'm really starting to feel like a parrot repeating myself,
didn't I already explain that PHP versions of algorithms would be
unacceptable when someone suggested sha1?

--Robert Deaton

More information about the wp-hackers mailing list