Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:121292
Return-Path: <craig@craigfrancis.co.uk>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 73495 invoked from network); 13 Oct 2023 01:27:04 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 13 Oct 2023 01:27:04 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 61C72180212
	for <internals@lists.php.net>; Thu, 12 Oct 2023 18:27:01 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <craig@craigfrancis.co.uk>
Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Thu, 12 Oct 2023 18:27:00 -0700 (PDT)
Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-40537481094so17337405e9.0
        for <internals@lists.php.net>; Thu, 12 Oct 2023 18:27:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=craigfrancis.co.uk; s=default; t=1697160419; x=1697765219; darn=lists.php.net;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=6YI8ZxrzF5dWSgmx2070CEYBP4n2fVVLMhv7hxZiRMU=;
        b=GJhd87GkTcU5j38Ujl/baoIeCdoO7flMxSLk3CgGyqG85gr2n16OAGqMcSuMNOw6ei
         rdrUpKPKvGzQE0mvXrAf1TGjdOaPgCmdH2NTq/m2h1B1XkO3XjhJkfCBSYneDlv9mJV8
         9yKJ+7kqdaOR4V/jO8VO6cVdfcGYHHXgNAeHM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1697160419; x=1697765219;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=6YI8ZxrzF5dWSgmx2070CEYBP4n2fVVLMhv7hxZiRMU=;
        b=VTfLaVGr4oybsQbPoEVxxg1O42yViZ41HEQ0fXElNpGj5xQ3Luq8zh+k/W7Y5a6eZN
         1Fg46yUj8kyISaNw7cYS1M0FOlrQbG39y6Q3F2oW6Md7i27vXAHg96DqmWY70HlrGT7d
         SPdrTg2RA6c7x9DmVbjSBvhgRnJnwMY3LJ7b4HvIzKyD/v9qPXXJzjaejhxSaXh7Xlf/
         0eRhS9DzKesvpcasradJE7VnoifGKyHf/W1kPE8aYG39g36zOwk3zYfdA9VyFHLfjrn8
         Z5l8qpKUazMKWmGR1dK9L+BziJyGimJ84PLTKwzV3uh9rw2/fYbQr6ef3/v4n/KDc6Mh
         NgUw==
X-Gm-Message-State: AOJu0YzMujzgpWsPYxW02Hci7vgrOVp9SonPlkD5KVDhEIJUbL7X8ra/
	sgnT5pjIrh10ELYgRW59+sCchg==
X-Google-Smtp-Source: AGHT+IF25WQ6Y/XrAC2ipYbrO3qe0ClD9sctd3Il9tFHfBiQ5Fl22qq2zDyu9roDuxqh8j5AMklmkg==
X-Received: by 2002:a05:600c:1caa:b0:407:58e1:24ed with SMTP id k42-20020a05600c1caa00b0040758e124edmr7001286wms.39.1697160419240;
        Thu, 12 Oct 2023 18:26:59 -0700 (PDT)
Received: from smtpclient.apple ([92.234.79.97])
        by smtp.gmail.com with ESMTPSA id q19-20020a1cf313000000b0040596352951sm1138801wmq.5.2023.10.12.18.26.58
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 12 Oct 2023 18:26:58 -0700 (PDT)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
In-Reply-To: <CAMrTa2H8KGV7gwgoC7hkxrcnYekajSYHb2QerO=QF_o4EwJ5+A@mail.gmail.com>
Date: Fri, 13 Oct 2023 02:26:53 +0100
Cc: steve@tobtu.com,
 =?utf-8?Q?Tim_D=C3=BCsterhus?= <tim@bastelstu.be>,
 PHP internals <internals@lists.php.net>
Content-Transfer-Encoding: quoted-printable
Message-ID: <20DF88DB-68D4-4E15-B2BA-934241BE0ED3@craigfrancis.co.uk>
References: <a9b0d24f-fe59-75af-4b1e-dcd8067482b0@bastelstu.be>
 <263398749.1356563.1696464473187@email.ionos.com>
 <CAMrTa2H8KGV7gwgoC7hkxrcnYekajSYHb2QerO=QF_o4EwJ5+A@mail.gmail.com>
To: Jordan LeDoux <jordan.ledoux@gmail.com>
X-Mailer: Apple Mail (2.3731.700.6)
Subject: Re: [PHP-DEV] [VOTE] Increasing the default BCrypt cost
From: craig@craigfrancis.co.uk (Craig Francis)

On 12 Oct 2023, at 19:50, Jordan LeDoux <jordan.ledoux@gmail.com> wrote:
> That's not how voting works in the PHP project. The 2/3 is for whether =
or not the feature change should be made at all. In the case that there =
are multiple implementations or variations, the choice between those is =
usually simple majority. People can and do vote no on the main 2/3 vote =
if they feel that only one of the implementations/variations are =
acceptable.



Isn't it odd, if I had a vote, I'd have changed my first one to no if it =
meant jumping the default from 10 to 12 (ref shared hosting, and low =
powered servers)... doesn't matter though, when I finally get around to =
updating WordPress to use password_hash(), I'll probably set the cost =
rather than using the default (weird how that happens, some people think =
they are making things more secure, but end up making things worse).

Craig