Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:113023 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 42641 invoked from network); 29 Jan 2021 15:19:09 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 29 Jan 2021 15:19:09 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 048271804AA for ; Fri, 29 Jan 2021 07:01:24 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-ot1-f54.google.com (mail-ot1-f54.google.com [209.85.210.54]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Fri, 29 Jan 2021 07:01:23 -0800 (PST) Received: by mail-ot1-f54.google.com with SMTP id i20so8850055otl.7 for ; Fri, 29 Jan 2021 07:01:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MG0RzterhIHC93XkqvIwxH0hlm2n58c6Ifg7vWkOh6A=; b=VHeweu7tjs3fHcPdbUkq3D90KfFqVpl0b1Kxv5bEMd9xxGRlrHW1MOhPg4u/b0L/zT k+rPY1sQXomTzvFw0EXl8WrSXx2t/FY/UcvUVo+NFy9ESFVAqmqXUcUA5ZSEEcAHug2H Vv8+V8uEDqZY8GJzJkHErcsPqq3gT7I+m6yiJ5y2lf4B668ecMVG3YpF0oDcr/Zz33vS o0cwyOTc6/xPYlxXdziD7nxI/NbYO16VQtM1waobBttf+52itS7bzDvdNoohCvNroA0b LFZsBVNgGOKkEu+xydZAYn5fmmgC7ZyKf0PKxIIxAbGIcjJHQubhnPACf3KZlc/ftqUQ C3TQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MG0RzterhIHC93XkqvIwxH0hlm2n58c6Ifg7vWkOh6A=; b=UVoRQGA5ULiSgQLhIt0CZbeczTmzsPAfjuOT760GYvbg5/aYBvummjYnENfuq2Qykc yuGfnSvwwae+d1C2paTOc0bzY6HSjjzZntLTv86QrhTdSmsnZMm+/s2ql27n4dV4E2QO ODcXyA5DzxtRDZMH3P35+VHaTGFQwCc6YROY5T+QkmsWi5d/GYnwHvuwQzCyGc5ViOAC 1OdQ7oXXgkYxOE+vJQvP0T4r51zYmo87Ij2yJJ6oaEeCSLod7L+99HVm4XHJyqC847d0 8u47Bjc9u2P7TAgTmdT/xOeVNOjwvazqlhDW/U5nFdkJIWNtZcM+ckOvf+LYwKiJfQFy yu+g== X-Gm-Message-State: AOAM53308VxBfTiosOo72/UT32Vwk4PpAgh+wddnzRfgX9VOm8DXaIZb jcjQklwaUiAOlWQj/hrHUb1Bjh+BgS8k95/nxOg= X-Google-Smtp-Source: ABdhPJxnO2uwHBgM1WEggzFJ7Q99tHaMreIi7ySgq8xOAGVP5LXwiLu/YHqHozPN9slOlK2wTJNruN4J+Wn/bMY7C04= X-Received: by 2002:a05:6830:18c4:: with SMTP id v4mr3032501ote.358.1611932476784; Fri, 29 Jan 2021 07:01:16 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: Date: Fri, 29 Jan 2021 16:01:05 +0100 Message-ID: To: Marco Pivetta Cc: Jesse Rushlow , PHP Internals List Content-Type: multipart/alternative; boundary="000000000000ae455105ba0b4625" Subject: Re: [PHP-DEV] password_verify() and unknown algos From: benjamin.morel@gmail.com (Benjamin Morel) --000000000000ae455105ba0b4625 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi all, thanks for the constructive feedback. On Fri, 29 Jan 2021 at 15:52, Marco Pivetta wrote: > > Gonna be the usual person saying: let's not clutter functions with more > behavior than what's needed :-) > > If you need to validate a hash for being "well formed" rather than > "matching", then write a separate function dedicated to that, rather than > increasing the complexity of a pre-existing symbol. > > Marco Pivetta I would definitely vote for that, too. It feels to me like throwing an exception on invalid algo / malformed hash should be the default behaviour, and that the use case brought up by Anthony, although very relevant, should be the one that should test for validity using another function (or pass an extra parameter). That being said, it's indeed a BC break. Would it be small enough to be allowed to hit 8.1? I don't know. =E2=80=94 Benjamin --000000000000ae455105ba0b4625--