Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:103328 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 13380 invoked from network); 18 Oct 2018 18:02:34 -0000 Received: from unknown (HELO mail-it1-f174.google.com) (209.85.166.174) by pb1.pair.com with SMTP; 18 Oct 2018 18:02:34 -0000 Received: by mail-it1-f174.google.com with SMTP id q70-v6so498172itb.3 for ; Thu, 18 Oct 2018 07:16:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=V2jfuXBcTj4nT0zaO6uT1MWqpSrD80SCGQ+D53smcD0=; b=GJZvec4cFVzo8FHbWe88XKINprxBEX4pNIvlrYen61q7hU6iu/VR09EaehsLyzQBYk /Pme0LfCnvm+iErk8UXXPnTsi1Mz3aiKe+SVh5R0BhEJKbeOhzV7PNXzrZbkDYs1z6QM 8iMA4xmISf8PFZqHEU1FO6HIGK1d+HUipPCuIv4zLe1kEVOObL6zIa925o/VuMNGBh90 wQlWSzueV66h/V+KOHRMFlyZoFVlUIcv8PYt3ovNip4FPDCMMFLE8UL9bNsc8gvVb32l PATXL0V3ZDel0Ulnjp3wfkiBnnPDdc0+rXR9iqGKoZ6k3nSxBkq5CtsP7MoSBKoTtUx7 sZgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=V2jfuXBcTj4nT0zaO6uT1MWqpSrD80SCGQ+D53smcD0=; b=U9vuq5LH4cb5PyoDsCzQQK6cDVS4/VJ80SzFOju/qygeTF6tv5xLBk7Bj94jbhkzTE V5e7axG9f8LWEFUaZTqC/ANRpFExlx7tp0bBL1TpEHZhS4h4IvrwtExdsZmxhThXzr5U 3hxKGdBiC0likVvZCN2TVzVTLYJGj2GD1h8s93xcPfnU/Tq/OEnUMtDi78LDBQyNLWBn D5j14mR60Z7WnMW0FejVzfS1ztPH8QBg00nGQMZXdSlCGDQCgVa3lWMGqjqPzF3/Nab1 aYRRB6IP6YU9welK80aieUG2nSQIYFLCSaTWvLoIii9var5/XU80842bTiRMVDAmGgBw R0NA== X-Gm-Message-State: ABuFfoh7ASNV30cj3emuVC/rn7B5hozO4ssQyKZ9LKqyrjmtk1c64awW UivJvBmOp7MB3R4ujLzbJGe8eWeCZSsnjsA92YE= X-Google-Smtp-Source: ACcGV63K/tMSO45EzcoK1tMOnmWu/QhMqKGv+KRy2nwHzkgLMjMvSMHYX9emVEQyS/u8Cecd4g6XitumLyDGgEjEz3o= X-Received: by 2002:a02:7789:: with SMTP id g131-v6mr22967056jac.66.1539872173069; Thu, 18 Oct 2018 07:16:13 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Thu, 18 Oct 2018 15:16:01 +0100 Message-ID: To: Sara Golemon Cc: PHP internals Content-Type: multipart/alternative; boundary="000000000000e021d80578816d54" Subject: Re: [PHP-DEV] Password Digest Registry From: rowan.collins@gmail.com (Rowan Collins) --000000000000e021d80578816d54 Content-Type: text/plain; charset="UTF-8" On Thu, 18 Oct 2018 at 14:55, Sara Golemon wrote: > Unfortunately, I just sat down to implement it and noticed that we > have explicit test cases which verify that only hashes with a prefix > of "$2y" *and* a length of precisely 60 are identified as bcrypt. So > either we need to loosen that check (I'm trying to avoid BC breaks > here), or we create additional identification logic. > Hm... what does length != 60 currently generate - presumably it's just an "unrecognised format" error of some sort? If so, we could keep BC by having a validate method in each handler, but only call it for hashes with the given prefix, and return an error if it returns false. So in PHP terms: $prefix = extract_prefix($hash); $handler = $registry[$prefix]; if ( is_null($handler) || ! $handler->validate($hash) ) { throw new UnrecognisedHashError; } This would also allow handlers to reject other invalid strings, such as $knownAlgo$nonExistentOption=error$abc123 Regards, -- Rowan Collins [IMSoP] --000000000000e021d80578816d54--