Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:60822
Return-Path: <admacedo@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 77840 invoked from network); 14 Jun 2012 12:26:49 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 14 Jun 2012 12:26:49 -0000
Authentication-Results: pb1.pair.com header.from=admacedo@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=admacedo@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.161.170 as permitted sender)
X-PHP-List-Original-Sender: admacedo@gmail.com
X-Host-Fingerprint: 209.85.161.170 mail-gg0-f170.google.com  
Received: from [209.85.161.170] ([209.85.161.170:49781] helo=mail-gg0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 9B/A5-39100-888D9DF4 for <internals@lists.php.net>; Thu, 14 Jun 2012 08:26:49 -0400
Received: by ggnf2 with SMTP id f2so1449538ggn.29
        for <internals@lists.php.net>; Thu, 14 Jun 2012 05:26:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-type;
        bh=KSPpRcEK+FAoXSXIysXqXfmJI2qgBg2iNIc17COXDdY=;
        b=yNrktrV0Jfj8XFRkPi5JWr1mroHQDhZ1Fx818TsDy0BQXw/JNq3iV6xlOeg226SSXm
         rj2TMWKsGyXB/TIhADne6OdJ6KCgo2cmUiyvPHlEum2pcdNGvhpYXUpDD803AtYfisSa
         e0fYNBheEOD2vPjId1XfRbkAF2372IA9oyndUzNrUWGO9gi1rqSZBo2efqC1yPt2JorD
         Yg6ZCYkr6aKm3I+K/u4B3jWGWWkcUpHPPDaH45I+I28C2jEcjoW2kUBJVnRZoVG2P0KU
         sN3cXNlOcqnquXkLgrCv23DKHXp3mDZp6/1I57BBzuXc5G8S644QYWszGcWQRSFUlGa6
         Vdcw==
Received: by 10.236.175.166 with SMTP id z26mr2304734yhl.56.1339676805597;
 Thu, 14 Jun 2012 05:26:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.236.50.43 with HTTP; Thu, 14 Jun 2012 05:26:05 -0700 (PDT)
In-Reply-To: <CAF+90c-6VWJ_kBW=Z8Br-NOxKyuTkwStRg-OMBa6844w3=CjDA@mail.gmail.com>
References: <CAF+90c-6VWJ_kBW=Z8Br-NOxKyuTkwStRg-OMBa6844w3=CjDA@mail.gmail.com>
Date: Thu, 14 Jun 2012 13:26:05 +0100
Message-ID: <CA+yzxZhx9YVarc7dYJYf5LPnTxR6eR3RYa43QsgFOe+DCw7t-Q@mail.gmail.com>
To: Nikita Popov <nikita.ppv@googlemail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=20cf303f63521c88b204c26dd06f
Subject: Re: [PHP-DEV] Adding a simple API for secure password hashing?
From: admacedo@gmail.com (Daniel Macedo)

--20cf303f63521c88b204c26dd06f
Content-Type: text/plain; charset=ISO-8859-1

Hi Nikita,

I think you might just get everyone behind this; easily!

However, I'd like to throw in scrypt as well. Thoughts?

Stas has the right approach, not only should the methods be simplified and
platform/algorithm agnostic but have a proper salt built in (there are a
few CSPRNG implementations around), I've seen salts used from numbers to
md5's to just being skipped altogether.

~ Daniel Macedo

--20cf303f63521c88b204c26dd06f--