Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions

From: Date: Thu, 12 Jul 2012 18:34:45 +0000
Subject: Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
References: 1 2  Groups: php.internals 
Stas,

> https://wiki.php.net/rfc/password_hash
>
> Looks good. The only question I have is for password_make_salt() - do we
> need the user to specify length? I think length is defined by the
> algorithm in most cases. Maybe convert it to password_make_salt(int
> $salt_type = PASSWORD_SALT_BCRYPT, int $length)
> with both arguments optional and one of salt types being
> PASSWORD_SALT_OTHER which just generates given length?


My only hesitation there is that SALT_* specifies the format. So all of the
crypt() hashes would use that format (a-zA-Z0-9./). Perhaps the name is
bad, and it should be SALT_CRYPT instead (but this has the assumption that
salt formats will never change for crypt())...
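
To illustrate the distinction drawn above between a salt's format and its length, here is an added PHP example (not part of the original message or the RFC). `example_make_salt()` and the `SALT_FORMAT_*` constants are hypothetical names, and `random_bytes()` assumes PHP 7 or later.

```php
<?php
// Added illustration; function and constant names are hypothetical, not the RFC's API.
const SALT_FORMAT_RAW   = 0; // raw bytes, for algorithms that take binary salts
const SALT_FORMAT_CRYPT = 1; // crypt() alphabet: a-zA-Z0-9./

function example_make_salt(int $length, int $format = SALT_FORMAT_CRYPT): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('salt length must be positive');
    }
    if ($format === SALT_FORMAT_RAW) {
        return random_bytes($length);
    }
    if ($format !== SALT_FORMAT_CRYPT) {
        throw new InvalidArgumentException('unknown salt format');
    }
    // 64 symbols = 6 bits each, so masking a random byte to 6 bits is unbiased.
    $alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $bytes = random_bytes($length);
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= $alphabet[ord($bytes[$i]) & 0x3f];
    }
    return $salt;
}

// bcrypt via crypt(): "$2y$" + two-digit cost + "$" + 22 salt characters.
// The password below is a constructed sample value.
$salt = example_make_salt(22);
$hash = crypt('constructed-sample-password', '$2y$10$' . $salt);

// Verify by re-hashing with the stored hash as the salt, compared in constant time.
if (strlen($hash) !== 60 || !hash_equals($hash, crypt('constructed-sample-password', $hash))) {
    throw new RuntimeException('bcrypt hashing failed');
}
echo $hash, PHP_EOL;
```

Here the format argument decides the character set and the length argument decides only how many symbols are produced, so a caller hashing with bcrypt still has to know that 22 is the right length.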

