Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:126359 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id EBC321A00BC for ; Sun, 9 Feb 2025 10:05:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1739095356; bh=heC+TANsmIkY8y3k+QvQ50n9czyEVtF8IkhjB1lifHs=; h=Date:From:To:Subject:From; b=S7ZtTnJC6ByDa1XoXlvd/8SPoK89jRfLvkbUmQ5uejOzhmHXaeoWK49FARqMMt750 wM7dbbm5+q2Qnw13phQxK+2iWB+50bWghew+4RRTDt3zHEi2zuGY58prQlrGc60eT+ yLKes/x1g7gp4zsKzRClGoXFqeeLyty2moIQ9JnUuUYXjWWCBzmfn6SyYUn3VWUsCJ Ql+K0z+6qs66GPPv4v7fYpn+s8wbJdL+S1Ycxpx7XCnhF7e0c/tqZhM3rnxVzmLpqU HxuQeaMqCHsgF639Q2Nt5PhE+X4CWaly7mjMsqKhLWq0Zbl6kgz9n4BSbuxrfz+h0t hJ8GCupfwwFLg== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 6366018006D for ; Sun, 9 Feb 2025 10:02:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_05,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_MISSING,HTML_MESSAGE, RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from fout-a4-smtp.messagingengine.com (fout-a4-smtp.messagingengine.com [103.168.172.147]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sun, 9 Feb 2025 10:02:34 +0000 (UTC) Received: from phl-compute-01.internal (phl-compute-01.phl.internal [10.202.2.41]) by mailfout.phl.internal (Postfix) with ESMTP id ACB1613808B0 for ; Sun, 9 Feb 2025 05:05:18 -0500 (EST) Received: from phl-imap-09 ([10.202.2.99]) by phl-compute-01.internal (MEProxy); Sun, 09 Feb 2025 05:05:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bottled.codes; h=cc:content-type:content-type:date:date:from:from:in-reply-to :message-id:mime-version:reply-to:subject:subject:to:to; s=fm1; t=1739095518; x=1739181918; bh=heC+TANsmIkY8y3k+QvQ50n9czyEVtF8 IkhjB1lifHs=; b=WcJzg+2QwtPteoQMbJIMdtw/5u5HF6aTgotWMs49CqQyP/UA gwG9zxbp7vG+ZUVloaZL/vZU8IFIaHEciZM2DZq5aQCqfOOJ0RS+imSEf+Gj2fl6 4Y6bKvkIjjeEKmitdW6IyackP/R2guy6I5qHcUI1AEwYlIvGCO43Ma+ik4cnfh4U XB8KGueIaWSTSSOKw//z2eyHSxEKUhenh5GDuGrNCwZ9Dt9J7vpRF1jKFHiYzLBT b8REpntpHFV6ECkOQ74Q5yPWumYKqaGCaxpYzBEel0MHu4035kmakN/LzOS/NfpG 9IJA42Ty9JdiOwKuJkFYfTjfg5jv8KROdamZIA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1739095518; x= 1739181918; bh=heC+TANsmIkY8y3k+QvQ50n9czyEVtF8IkhjB1lifHs=; b=E 0cbRcpOzWIUG+IHVZETFqmjs4XXyHjEP0jjZF4z5uq1oKK7F1swuPkRrvWdNRUL/ rxpGS54nEF0jP+szdpZj7NLTQt+jTR5E820CBK3mJdQ7Bk7p9KsjdBDaqapl1oWh VLFjlCij9m8YTTw8sLqPUX85jzM1cdTYThmZd2+zktSVmXa33c8sSLdoaoAapRN3 814q4ziPvW48GABSai9T9fuvQtA6tOXlZxWqKLNhKDPNcmQRzZdE0mSzy0dZSIFO pfYpSnVLjzPFhr6lJ2v3HLlLpvahen/K+iq3N0JCt9hMSGCyC22xTlowa818Fq0y ZynwF+Lzkiy+ITnkimAjQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdefgeekhecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecuogfuuhhsphgvtghtff homhgrihhnucdlgeelmdenucfjughrpefoggffhffvkffutgesrgdtreerredtjeenucfh rhhomhepfdftohgsucfnrghnuggvrhhsfdcuoehrohgssegsohhtthhlvggurdgtohguvg hsqeenucggtffrrghtthgvrhhnpeejtdfhkeejledtkeeghfejueehffffgfegudehgeek feehieellefhvdfgleehfeenucffohhmrghinhephigtohhmsghinhgrthhorhdrtghomh dpfehvgehlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghi lhhfrhhomheprhhosgessghothhtlhgvugdrtghouggvshdpnhgspghrtghpthhtohepud dpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepihhnthgvrhhnrghlsheslhhishht shdrphhhphdrnhgvth X-ME-Proxy: Feedback-ID: ifab94697:Fastmail Received: by mailuser.phl.internal (Postfix, from userid 501) id 2FFEE780068; Sun, 9 Feb 2025 05:05:18 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow MIME-Version: 1.0 Date: Sun, 09 Feb 2025 11:03:55 +0100 To: internals@lists.php.net Message-ID: <4e41929c-fbd8-44f3-b72d-1b4e6526d001@app.fastmail.com> Subject: [PHP-DEV] bcrypt warning on long passwords Content-Type: multipart/alternative; boundary=d2d71ed964ff4327971f092425053967 From: rob@bottled.codes ("Rob Landers") --d2d71ed964ff4327971f092425053967 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello internals, I saw the following on hacker-news the other day: https://news.ycombinat= or.com/item?id=3D42955176 In the article it talks about how many implementations do not emit a war= ning, and PHP is one of them (though the author didn't cover php explici= tly). You can see this play out here: https://3v4l.org/8ih6O Since adding a warning here would be a BC break, does this need an RFC? = I'd be happy to implement this and write the RFC if necessary. =E2=80=94 Rob --d2d71ed964ff4327971f092425053967 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Hello internals= ,

I saw the following on hacker-news the ot= her day: https://news.ycombinator.com/item?id=3D42955176

=
In the article it talks about how many implementations do not= emit a warning, and PHP is one of them (though the author didn't cover = php explicitly).

You can see this play out = here: https://3v4l.org/8ih6O=

Since adding a warning here would be a BC = break, does this need an RFC? I'd be happy to implement this and write t= he RFC if necessary.

=E2=80= =94 Rob
--d2d71ed964ff4327971f092425053967--