Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:53607
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: error (pb1.pair.com: domain bitextender.com from 80.237.132.12 cause and error)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/signed; boundary=Apple-Mail-6-236716548; protocol="application/pkcs7-signature"; micalg=sha1
In-Reply-To: <4E07C6D8.7040509@sugarcrm.com>
Date: Tue, 28 Jun 2011 12:19:56 +0200
Cc: Pierre Joye <pierre.php@gmail.com>,
 Rasmus Lerdorf <rasmus@lerdorf.com>,
 PHP internals <internals@lists.php.net>
Message-ID: <7F006373-3753-48A6-BCB8-564B1020CB04@bitextender.com>
References: <4E06EF9A.4030603@lerdorf.com>	<4E07A696.2090602@sugarcrm.com> <BANLkTi=TwEJ=+PAuX3wS68_CWtsBcriScg@mail.gmail.com> <4E07C6D8.7040509@sugarcrm.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
Subject: Re: [PHP-DEV] todo: crypt_blowfish issue
From: david.zuelke@bitextender.com (=?iso-8859-1?Q?David_Z=FClke?=)

--Apple-Mail-6-236716548
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

On 27.06.2011, at 01:55, Stas Malyshev wrote:

> However, it still has a chance somebody's data won't work after the =
update if he had 8-bit data hashed with old crypt(). He would need =
either to re-hash or to change prefix from $2a to $2x.

IMO that's a fair trade-off; people could even implement this in their =
app code by replacing "$2a" with "$2x" for a transitional period in the =
hash if the comparison fails (and then simply re-hash the password again =
with $2a so it's secure). I'm volunteering to write the necessary code =
sample for the upgrading notes :p

David



--Apple-Mail-6-236716548
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMZDCCBW4w
ggRWoAMCAQICECzy3OO4bIaKwclpYXzU0GAwDQYJKoZIhvcNAQEFBQAwgd0xCzAJBgNVBAYTAlVT
MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29y
azE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEg
KGMpMDkxHjAcBgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDE3MDUGA1UEAxMuVmVyaVNpZ24g
Q2xhc3MgMSBJbmRpdmlkdWFsIFN1YnNjcmliZXIgQ0EgLSBHMzAeFw0xMDEwMTQwMDAwMDBaFw0x
MTEwMTUyMzU5NTlaMIIBGzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
aWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9S
UEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBlcnNvbmEgTm90IFZh
bGlkYXRlZDEzMDEGA1UECxMqRGlnaXRhbCBJRCBDbGFzcyAxIC0gTmV0c2NhcGUgRnVsbCBTZXJ2
aWNlMRUwEwYDVQQDFAxEYXZpZCBadWVsa2UxKzApBgkqhkiG9w0BCQEWHGRhdmlkLnp1ZWxrZUBi
aXRleHRlbmRlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTFIMYSR0GnIsK
MHUvTk4cSKdV0AtBkWcU1xrOVB+N+Yt/2VBtKV8QhfGwN6s8djcq3WGQEHjah8yoNbzNbhMOCPds
TLpR3h2LYZ92s1LAUZxSEnk0vHGGSH3Mh+p9gOYUiSxr15jQEKJ3lRM5Rhx0FEiNIclIyIycAH5v
Gog+uE3PGR9TJ2W7HkL7syT7BSCHGCRKPKgNyHDBG2f+kwVkaha7wuJr/8FVeu4EOsN5LsFfzZpY
tEkZLynV2mtrUfuRiC1VO/XGS4nx8Mal5hR4TGo2aMWnLhMv0vIkqkFgMIyb+U7shrSqgRA1twQu
E+XqjKcTsoSmf/RtlR5k+3lnAgMBAAGjgegwgeUwCQYDVR0TBAIwADBEBgNVHSAEPTA7MDkGC2CG
SAGG+EUBBxcBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwCwYD
VR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjAUBgpghkgBhvhFAQYHBAYW
BE5vbmUwUAYDVR0fBEkwRzBFoEOgQYY/aHR0cDovL2luZGMxZGlnaXRhbGlkLWczLWNybC52ZXJp
c2lnbi5jb20vSW5kQzFEaWdpdGFsSUQtRzMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCORRzoX9q6
ru46+C/LmaYBhjpFVNizsGHweTgBJJZUvkvDLG/sSBKIyFG54vnQUSgTKll6rLuVEWxbDNCq847z
PPMWRFaNQSSg8qztcIbhkFx7WxnY/BXpS+E2hQe/VLD0u67OerJBYsVnFAEYXQPSa7XCOqtlld+3
gt6TNvQRHDvjnpLeQXzWbC8WVVqEf835ZOQdXrVRHiYyu08MfXbi9x3KbbUtGA78f9WpD0wZ27ix
I22+66Co1TTU2wbti1XdhJhOOXwwHzKtD0ESJbbMmjquplOgNgPJjViHUE0E3pX6YUCgiviP73Lq
PnyQ4yjltudFrANX4PB6GjZ5EHHhMIIG7jCCBdagAwIBAgIQcRVmBUrkkSFN6bxE+azT3DANBgkq
hkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD
VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2lnbiwg
SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwHhcNMDkwNTAxMDAw
MDAwWhcNMTkwNDMwMjM1OTU5WjCB3TELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJ
bmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1
c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwOTEeMBwGA1UECxMVUGVyc29u
YSBOb3QgVmFsaWRhdGVkMTcwNQYDVQQDEy5WZXJpU2lnbiBDbGFzcyAxIEluZGl2aWR1YWwgU3Vi
c2NyaWJlciBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7cRH3yooHXwG
a7vXITLJbBOP6bGNQU4099oL42r6ZYggCxET6ZvgSU6Lb9UB0F8NR5GKWkx0Pj/GkQm7TDSejW6h
glFi92l2WJYHr54UGAdPWr2f0jGyVBlzRmoZQhHsEnMhjfXcMM3l2VYKMcU2bSkUl70t2olHGYjY
SwQ967Y8Zx50ABMN0Ibak2f4MwOuGjxraXj2wCyO4YM/d/mZ//6fUlrCtIcK2GypR8FUKWVDPkrA
lh/Brfd3r2yxBF6+wbaULZeQLSfSux7pg2qE9sSyriMGZSalJ1grByK0b6ZiSBp38tVQJ5op05b7
KPW6JHZi44xZ6/tu1ULEvkHH9QIDAQABo4ICuTCCArUwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUF
BzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wEgYDVR0TAQH/BAgwBgEB/wIBADBwBgNVHSAE
aTBnMGUGC2CGSAGG+EUBBxcBMFYwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNv
bS9jcHMwKgYIKwYBBQUHAgIwHhocaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTA0BgNVHR8E
LTArMCmgJ6AlhiNodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9wY2ExLWczLmNybDAOBgNVHQ8BAf8E
BAMCAQYwbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU
S2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEu
Z2lmMC4GA1UdEQQnMCWkIzAhMR8wHQYDVQQDExZQcml2YXRlTGFiZWw0LTIwNDgtMTE4MB0GA1Ud
DgQWBBR5R2EIQf04BKJL57XM9UP2SSsR+DCB8QYDVR0jBIHpMIHmoYHQpIHNMIHKMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5l
dHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQg
dXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlm
aWNhdGlvbiBBdXRob3JpdHkgLSBHM4IRAItbdVaEVIULAM+vOEjOsaQwDQYJKoZIhvcNAQEFBQAD
ggEBADlNz0GZgbWpBbVSOOk5hIls5DSoWufYbAlMJBq6WaSHO3Mh8ZOBz79oY1pn/jWFK6HDXaNK
wjoZ3TDWzE3v8dKBl8pUWkO/N4t6jhmND0OojPKvYLMVirOVnDzgnrMnmKQ1chfl/Cpdh9OKDcLR
RSr4wPSsKpM61a4ScAjr+zvid+zoK2Q1ds262uDRyxTWcVibvtU+fbbZ6CTFJGZMXZEfdrMXPn8N
xiGJL7M3uKH/XLJtSd5lUkL7DojS7Uodv0vj+Mxy+kgOZY5JyNb4mZg7t5Q+MXEGh/psWVMu198r
7V9jAKwV7QO4VRaMxmgD5yKocwuxvKDaUljdCg5/wYIxggSLMIIEhwIBATCB8jCB3TELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
ZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
L3JwYSAoYykwOTEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTcwNQYDVQQDEy5WZXJp
U2lnbiBDbGFzcyAxIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQSAtIEczAhAs8tzjuGyGisHJaWF8
1NBgMAkGBSsOAwIaBQCgggJtMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkF
MQ8XDTExMDYyODEwMTk1OFowIwYJKoZIhvcNAQkEMRYEFOY2rDZ/66Gd4t3kVu4k6tlYln2uMIIB
AwYJKwYBBAGCNxAEMYH1MIHyMIHdMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIElu
Yy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVz
ZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTA5MR4wHAYDVQQLExVQZXJzb25h
IE5vdCBWYWxpZGF0ZWQxNzA1BgNVBAMTLlZlcmlTaWduIENsYXNzIDEgSW5kaXZpZHVhbCBTdWJz
Y3JpYmVyIENBIC0gRzMCECzy3OO4bIaKwclpYXzU0GAwggEFBgsqhkiG9w0BCRACCzGB9aCB8jCB
3TELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
biBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVy
aXNpZ24uY29tL3JwYSAoYykwOTEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTcwNQYD
VQQDEy5WZXJpU2lnbiBDbGFzcyAxIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQSAtIEczAhAs8tzj
uGyGisHJaWF81NBgMA0GCSqGSIb3DQEBAQUABIIBADv69NI21HSak7hgzizJtjg6mgwQ1SfcBSde
aQmdT7QfhgDMk3G3y7VQ/Eyp5zp5um1g3D45RKXekkhFpZkkEDmIhw3wq+f0RGIRqzGdIdjn7Vji
lxBbYS2VzndIeC03KOOsnNOLSVyVWnHOAmar1Yszu41yQpr4r7P7IUAexbkgqNfzZ/DrpK5VJj2/
wnBedJfG9D+2vje0H3WD1wLgE8Gthq9yC/hEbomTAAKf43/1TbQZk/s9DXk+HtrcnDAT0C7P0m+6
5dkhR8wLG99p/Dan702DCFsJY6F6+T5WeZG/KjdRzbZ0iQ0+LVRV/IUvlLv4Rj9fHESYOb7fFb1N
FdEAAAAAAAA=

--Apple-Mail-6-236716548--