Re: crypt() should raise error without 2nd parameter

From:	Stas Malyshev	Date:	Wed, 07 Aug 2013 20:30:09 +0000
Subject:	Re: crypt() should raise error without 2nd parameter
References:	1	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi!

> A user requested that crypt() should raise error without 2nd(slat)
> parameter.
> 
> https://bugs.php.net/bug.php?id=55036
> 
> crypt() without salt generates extremely weak password hash. In addition to
> this,

I see that when I run crypt with one parameter, it generates salted
password hash. I imagine since on many systems it will produce md5-based
hash which is no longer considered adequate for many applications, it
may be not the best way to use it, but I don't see how it is an error to
do it. I'd rather have crypt() use stronger hash by default or maybe
have parameter that sets which hash is being used.
-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227


   

Thread (10 messages)

• Yasuo OhgakiWed, 07 Aug 2013 10:18:15 +0000
  • LeighWed, 07 Aug 2013 11:00:00 +0000
    • Ángel GonzálezWed, 07 Aug 2013 11:58:32 +0000
  • Kalle Sommer NielsenWed, 07 Aug 2013 13:21:30 +0000
  • Anthony FerraraWed, 07 Aug 2013 13:50:11 +0000
  • Stas MalyshevWed, 07 Aug 2013 20:30:09 +0000
    • Yasuo OhgakiThu, 08 Aug 2013 01:20:42 +0000
      • Hannes MagnussonThu, 08 Aug 2013 04:22:36 +0000
        • Yasuo OhgakiThu, 08 Aug 2013 04:44:59 +0000
  • Yasuo OhgakiThu, 22 Aug 2013 11:30:06 +0000Re: crypt() should raise error without 2nd parameter