Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions

From:	Anthony Ferrara	Date:	Thu, 12 Jul 2012 18:34:45 +0000
Subject:	Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
References:	1 2	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Stas,

> https://wiki.php.net/rfc/password_hash
>
> Looks good. The only question I have is for password_make_salt() - do we
> need the user to specify length? I think length is defined by the
> algorithm in the most cases.  Maybe convert it to password_make_salt(int
> $salt_type = PASSWORD_SALT_BCRYPT, int $length)
> with both arguments optional and one of salt types being
> PASSWORD_SALT_OTHER which just generates given length?


My only heistation there is that SALT_* specifies the format. So all of the
crypt() hashes would use that format (a-zA-Z0-9./). Perhaps the name is
bad, and it should be SALT_CRYPT instead (but this has the assumption that
salt formats will never change for crypt())...


   

Thread (47 messages)

• Anthony FerraraThu, 12 Jul 2012 02:40:08 +0000
  • Alex AulbachThu, 12 Jul 2012 17:24:52 +0000
    • Nikita PopovThu, 12 Jul 2012 17:32:44 +0000
      • Alex AulbachThu, 12 Jul 2012 17:50:19 +0000
    • Anthony FerraraThu, 12 Jul 2012 18:53:16 +0000
      • Alex AulbachThu, 12 Jul 2012 22:10:56 +0000
      • Ryan McCueFri, 13 Jul 2012 10:28:29 +0000
        • Ángel GonzálezFri, 13 Jul 2012 21:54:23 +0000
          • Alex AulbachSat, 14 Jul 2012 00:32:11 +0000
      • Daniel ConvissorSun, 15 Jul 2012 21:09:24 +0000
  • Stas MalyshevThu, 12 Jul 2012 18:32:17 +0000
    • Anthony FerraraThu, 12 Jul 2012 18:34:45 +0000
      • Jonathan Bond-CaronTue, 31 Jul 2012 12:32:56 +0000RE: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
        • Jonathan Bond-CaronTue, 31 Jul 2012 13:07:58 +0000
        • Anthony FerraraTue, 31 Jul 2012 13:25:19 +0000Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
          • Jonathan Bond-CaronTue, 31 Jul 2012 14:28:11 +0000RE: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
            • Nikita PopovTue, 31 Jul 2012 14:44:24 +0000Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
            • Anthony FerraraTue, 31 Jul 2012 14:54:48 +0000Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
              • Jonathan Bond-CaronTue, 31 Jul 2012 16:01:07 +0000RE: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
                • Anthony FerraraTue, 31 Jul 2012 16:21:31 +0000Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
                  • Ángel GonzálezTue, 31 Jul 2012 18:46:42 +0000
                  • Peter LindTue, 31 Jul 2012 19:46:49 +0000
                    • Anthony FerraraTue, 31 Jul 2012 20:02:34 +0000
                      • Peter LindTue, 31 Jul 2012 20:20:13 +0000
                        • Ángel GonzálezWed, 01 Aug 2012 18:11:02 +0000
                          • Alex AulbachWed, 01 Aug 2012 18:55:53 +0000
                  • Jonathan Bond-CaronWed, 01 Aug 2012 19:09:35 +0000RE: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
                  • Jonathan Bond-CaronWed, 01 Aug 2012 20:36:57 +0000RE: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
  • Anthony FerraraTue, 28 Aug 2012 15:28:07 +0000Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
    • Alain WilliamsTue, 28 Aug 2012 15:55:36 +0000Re: Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
      • Ferenc KovacsTue, 28 Aug 2012 15:58:57 +0000