Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
From: Anthony Ferrara Date: Thu, 12 Jul 2012 18:34:45 +0000 Subject: Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions References: 1 2 Groups: php.internals Request: Send a blank email to [email protected] to get a copy of this message
Stas, > https://wiki.php.net/rfc/password_hash > > Looks good. The only question I have is for password_make_salt() - do we > need the user to specify length? I think length is defined by the > algorithm in the most cases. Maybe convert it to password_make_salt(int > $salt_type = PASSWORD_SALT_BCRYPT, int $length) > with both arguments optional and one of salt types being > PASSWORD_SALT_OTHER which just generates given length? My only heistation there is that SALT_* specifies the format. So all of the crypt() hashes would use that format (a-zA-Z0-9./). Perhaps the name is bad, and it should be SALT_CRYPT instead (but this has the assumption that salt formats will never change for crypt())...
Thread (47 messages)
- RE: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
- Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
- RE: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
- Re: [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
« previous | php.internals (#61188) | next » |
---|