Re: [VOTE] Change crypt() behavior w/o salt

From:	Andrea Faulds	Date:	Wed, 23 Oct 2013 00:35:02 +0000
Subject:	Re: [VOTE] Change crypt() behavior w/o salt
References:	1 2 3 4 5 6 7 8	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

On 23/10/2013 01:26, Yasuo Ohgaki wrote:
On Wed, Oct 23, 2013 at 2:11 AM, Adam Harvey <[email protected]
<mailto:[email protected]>> wrote:

    "Generating an insecure weak hash as no salt was given: please ensure
    the salt parameter is specified and uses a strong hash type in order
    to generate a cryptographically secure hash"


I guess this would be one of the longest error message, but it does not
matter.

If there isn't better message, I'll commit with this message in a few days.


How about "No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash."

It doesn't emphasise the "strong" and "weak" as much, but I feel it gets the message acrosss well nonetheless.

-- 
Andrea Faulds
http://ajf.me/


   

Thread (16 messages)

• Yasuo OhgakiTue, 24 Sep 2013 01:41:47 +0000
  • Pierre JoyeTue, 24 Sep 2013 02:47:12 +0000
    • William BartlettTue, 24 Sep 2013 14:13:30 +0000
  • Alexey ZakhlestinTue, 24 Sep 2013 14:22:18 +0000
    • Yasuo OhgakiWed, 25 Sep 2013 04:17:56 +0000
      • Yasuo OhgakiMon, 07 Oct 2013 08:51:13 +0000
        • Yasuo OhgakiTue, 22 Oct 2013 06:10:35 +0000
          • Joe WatkinsTue, 22 Oct 2013 07:23:54 +0000
            • Kingsquare.nl - Robin SpeekenbrinkTue, 22 Oct 2013 07:35:16 +0000
          • Andrea FauldsTue, 22 Oct 2013 09:58:48 +0000
            • Adam HarveyTue, 22 Oct 2013 17:11:00 +0000
              • Joe WatkinsTue, 22 Oct 2013 17:21:08 +0000
                • Adam HarveyTue, 22 Oct 2013 17:23:56 +0000
              • Yasuo OhgakiWed, 23 Oct 2013 00:26:39 +0000
                • Andrea FauldsWed, 23 Oct 2013 00:35:02 +0000
                  • Yasuo OhgakiTue, 29 Oct 2013 08:49:00 +0000