Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:60868
Return-Path: <indeyets@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 42397 invoked from network); 17 Jun 2012 13:58:43 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Jun 2012 13:58:43 -0000
Authentication-Results: pb1.pair.com smtp.mail=indeyets@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=indeyets@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.170 as permitted sender)
X-PHP-List-Original-Sender: indeyets@gmail.com
X-Host-Fingerprint: 209.85.215.170 mail-ey0-f170.google.com  
Received: from [209.85.215.170] ([209.85.215.170:37628] helo=mail-ey0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id AE/90-34308-192EDDF4 for <internals@lists.php.net>; Sun, 17 Jun 2012 09:58:41 -0400
Received: by eaal12 with SMTP id l12so1313659eaa.29
        for <internals@lists.php.net>; Sun, 17 Jun 2012 06:58:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=content-type:mime-version:subject:from:in-reply-to:date
         :content-transfer-encoding:message-id:references:to:x-mailer;
        bh=rL6KldUUKL8PzrRuCVpGMPEreJDY6kGhu57j0OW1c/M=;
        b=TcnmkshIBaJ8X3qvnKh0yOnW+Ym6BqmY2I+OI9s9kltMM0QOIQ5VdX0470YvP0cdnU
         lG06PphaqHhYcNz0uci3BVeqXo6ZAXfNJaGtX1z4hRHPE/t6HohJX3FuRxuBDdhhiglS
         iXTyTDIb5jiwVj2shUjmRcPGlTBP9uemHlSyK7iGkOs0RdRHH3DwdtyxppNQPANoInRs
         d47L96xw4NhXws0RlTxs8vgGXm/w1hMZUup5lZ6umpFziecXKv0W23swAheMrWtY7GS4
         sFcokcIxjRvRIeZsmDOQqgcTLuVwPQowpal/gskCirhj6ZqmxMD6287Y48smgoyJ0nVZ
         6neg==
Received: by 10.14.98.68 with SMTP id u44mr2809187eef.85.1339941518109;
        Sun, 17 Jun 2012 06:58:38 -0700 (PDT)
Received: from ?IPv6:2001:470:1f0b:cd9:c8cf:bcf8:48ab:956d? ([2001:470:1f0b:cd9:c8cf:bcf8:48ab:956d])
        by mx.google.com with ESMTPS id o16sm50762422eeb.13.2012.06.17.06.58.35
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sun, 17 Jun 2012 06:58:36 -0700 (PDT)
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Apple Message framework v1278)
In-Reply-To: <CAF+90c-6VWJ_kBW=Z8Br-NOxKyuTkwStRg-OMBa6844w3=CjDA@mail.gmail.com>
Date: Sun, 17 Jun 2012 17:58:33 +0400
Content-Transfer-Encoding: quoted-printable
Message-ID: <8714BC2A-45E2-4303-9769-8399AF316159@gmail.com>
References: <CAF+90c-6VWJ_kBW=Z8Br-NOxKyuTkwStRg-OMBa6844w3=CjDA@mail.gmail.com>
To: PHP internals <internals@lists.php.net>
X-Mailer: Apple Mail (2.1278)
Subject: Re: [PHP-DEV] Adding a simple API for secure password hashing?
From: indeyets@gmail.com (Alexey Zakhlestin)


On 14.06.2012, at 1:31, Nikita Popov wrote:

> So, wouldn't it be better if PHP provided an easy to use API for
> secure password hashes natively? So you just have to call a single
> function, which magically handles everything for you (like salt
> generation).
>=20
> A simple sample API could be two functions password_hash($password)
> and password_hash_verify($password, $hash). But it could just as well
> be a fancy, extensible OOP API.

I guess SCrypt binding could be implemented.
http://www.tarsnap.com/scrypt.html

That's the best available option at the moment.
=
http://stackoverflow.com/questions/1226513/whats-the-advantage-of-scrypt-o=
ver-bcrypt

It is BSD-licensed, so we can easily bundle it with PHP

For the reference, here's the Python binding: =
https://bitbucket.org/mhallin/py-scrypt/src=