Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:121006 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 36896 invoked from network); 7 Sep 2023 18:05:12 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 7 Sep 2023 18:05:12 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id D35041804AA for ; Thu, 7 Sep 2023 11:05:10 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-ej1-f41.google.com (mail-ej1-f41.google.com [209.85.218.41]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 7 Sep 2023 11:05:10 -0700 (PDT) Received: by mail-ej1-f41.google.com with SMTP id a640c23a62f3a-99c1c66876aso154639366b.2 for ; Thu, 07 Sep 2023 11:05:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1694109909; x=1694714709; darn=lists.php.net; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id:from :to:cc:subject:date:message-id:reply-to; bh=N603l+s9EHZGbc8bH3tl0SJCdfUEjw0ifvR94AMBQmk=; b=JYMcNVMt9jLRpIrWqSiznyqhY75YCmr374Tkg2qoTzFW6b4/4rq2fCLmwgX1EcsAfq 3ECNHzj8ai0eAITi5Ht4avxR3mw5qxJPh8Pano6e5Zg0xemP3haub8D8jZbfkH/xYU3p ilGwC2kLse3Fay8hpt1oMXu0tIbMRGfvDZgun+kNzGCRQs1OW1X6NIW+hDrxMU3Ix3iY 6Qg/m6sE/oiyAcHyczRE/hWd/Sevt64X3hIsE4rRmr6ctw0ZTM+pVb5GPPtEKwi2L2Em 0L87XAgyQngXXg4FAgyGpQ64akdu+yCqvVg97ddXMl1g73J16d7dhqUyRP3iBklHKmgV CiCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694109909; x=1694714709; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=N603l+s9EHZGbc8bH3tl0SJCdfUEjw0ifvR94AMBQmk=; b=M9JHXRiHheEa61XT/aPSbVfsk9tC2CLdcZ+lItE0iGuBkklAG8Jo1kiNEkrUrx+Tv7 ExElqqaFsBDOhyfZalkYH20quZi+aAOHlB7qfc13KQQ2fAn4OHLmTnc28/iWRvY/z56Z XdBn2t+1OMM1l177sopEsWrFEXyxEc2WVLSGMxo9xD+X6Ydhr/v3GJHJK2Mou/CrUTYj phsSVwEzyZkD3SrYiKmyhGIejecpP8O0O2RdnXFAReQzR71WFKUHOpjdRpLcWpMQWjG+ mjm+G8llCuJVqNzY/0GdA30ibLz3NEdSGs/ccnZdBzGLnwNKP69adZ3VBVMdci6HcLL8 N76g== X-Gm-Message-State: AOJu0YwGHQVVyycR1ymHEv9rzVBbAl30vJ2vjZ2wILhjDNptlcX3EAwU dlQNxBaH+0ewxzaL2x0QG76xy+LtES8= X-Google-Smtp-Source: AGHT+IE5TBUJaJt2eJA8ezz1qVsX8K4bWWsAAycPmFVrylNFpPdl+LIRgJaCjLH3cxwd4FMtisCn1g== X-Received: by 2002:a17:906:2101:b0:9a1:d25c:55e3 with SMTP id 1-20020a170906210100b009a1d25c55e3mr109800ejt.16.1694109908552; Thu, 07 Sep 2023 11:05:08 -0700 (PDT) Received: from ?IPV6:2a02:1811:cc83:ee50:280e:1e36:3a00:824? (ptr-dtfv08akcem5xburtic.18120a2.ip6.access.telenet.be. [2a02:1811:cc83:ee50:280e:1e36:3a00:824]) by smtp.gmail.com with ESMTPSA id q8-20020a170906940800b00988c0c175c6sm10780632ejx.189.2023.09.07.11.05.07 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 07 Sep 2023 11:05:07 -0700 (PDT) Message-ID: <5e46aee2-e696-4839-80a9-1bde1d420571@gmail.com> Date: Thu, 7 Sep 2023 20:05:07 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: internals@lists.php.net References: Content-Language: en-US In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] RFC: Increasing the default BCrypt cost From: dossche.niels@gmail.com (Niels Dossche) Hi Tim On 07/09/2023 19:26, Tim Düsterhus wrote: > Hi > > in response to the recent "PASSWORD_DEFAULT value" thread [1], I've created an RFC to discuss an increase of the default BCrypt costs for `password_hash()` from the current value of 10. > > https://wiki.php.net/rfc/bcrypt_cost_2023 These are the kind of things that are easily forgotten. Thank you for taking care of this! I just noticed one small detail. From the RFC text: "All tests were carried out using wall-power." I guess you mean wall-time? > > This message is intended to officially open the discussion period for that RFC. > > Best regards > Tim Düsterhus > > [1] https://externals.io/message/120993 > Kind regards Niels