Re: [VOTE] Change crypt() behavior w/o salt

From:	Andrea Faulds	Date:	Tue, 22 Oct 2013 09:58:48 +0000
Subject:	Re: [VOTE] Change crypt() behavior w/o salt
References:	1 2 3 4 5	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

On 22/10/2013 07:10, Yasuo Ohgaki wrote:
Hi all,

Any comments patch for this RFC?
Better E_NOTICE message is welcome.


I'm a native English speaker, how about "Calling crypt() without giving a salt will not produce strong password hashes."?

It doesn't necessarily say you will produce a strong hash with it (other factors are at play), but it does say that you can't without it.

Perhaps "secure" might be better than "strong".

Just my 2 pence.
-- 
Andrea Faulds
http://ajf.me/


   

Thread (16 messages)

• Yasuo OhgakiTue, 24 Sep 2013 01:41:47 +0000
  • Pierre JoyeTue, 24 Sep 2013 02:47:12 +0000
    • William BartlettTue, 24 Sep 2013 14:13:30 +0000
  • Alexey ZakhlestinTue, 24 Sep 2013 14:22:18 +0000
    • Yasuo OhgakiWed, 25 Sep 2013 04:17:56 +0000
      • Yasuo OhgakiMon, 07 Oct 2013 08:51:13 +0000
        • Yasuo OhgakiTue, 22 Oct 2013 06:10:35 +0000
          • Joe WatkinsTue, 22 Oct 2013 07:23:54 +0000
            • Kingsquare.nl - Robin SpeekenbrinkTue, 22 Oct 2013 07:35:16 +0000
          • Andrea FauldsTue, 22 Oct 2013 09:58:48 +0000
            • Adam HarveyTue, 22 Oct 2013 17:11:00 +0000
              • Joe WatkinsTue, 22 Oct 2013 17:21:08 +0000
                • Adam HarveyTue, 22 Oct 2013 17:23:56 +0000
              • Yasuo OhgakiWed, 23 Oct 2013 00:26:39 +0000
                • Andrea FauldsWed, 23 Oct 2013 00:35:02 +0000
                  • Yasuo OhgakiTue, 29 Oct 2013 08:49:00 +0000