Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:60878
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 68809 invoked from network); 18 Jun 2012 15:42:30 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 Jun 2012 15:42:30 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.170 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.213.170 mail-yx0-f170.google.com  
Received: from [209.85.213.170] ([209.85.213.170:63175] helo=mail-yx0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 87/13-50426-56C4FDF4 for <internals@lists.php.net>; Mon, 18 Jun 2012 11:42:29 -0400
Received: by yenl12 with SMTP id l12so3768472yen.29
        for <internals@lists.php.net>; Mon, 18 Jun 2012 08:42:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=2AjxE+PkC3cjPusaDUDlKMwNXIkStov2xpZBoNsIwzc=;
        b=0oshYSorrWXCF7+7sbRvMNhvd0E0WkJojRlqV0cSwUzJ2j6G4PTsU8tdPSLSADSAyw
         5YnQnRQYQEm0pqvzw6TlWLf1UNrRimSheUuH/6Zpg+w6h52GzoFWYvzp1nNxsnhQrCOK
         1W/XGnJ9bsEQmPEwMK1cYJAU9HcNHpUktMxBiNmcqc5noVwoJVdhtc1vZTBxAcr+1OcP
         UXK1BhcaJvk7vrl5vrCSsc0kiCFeU492tpaYmlSzTiBYZn7ZNEiFID6Ph2YT4xIc+EhT
         uhA+6SAhrZi3nZxf/K8q/kDN9/2ZKa5Y/U3l3jVBoqIfD01Yrvnuk/1M8gY8Oigi9JOO
         tKVw==
MIME-Version: 1.0
Received: by 10.236.114.161 with SMTP id c21mr18989058yhh.51.1340034146706;
 Mon, 18 Jun 2012 08:42:26 -0700 (PDT)
Received: by 10.147.113.7 with HTTP; Mon, 18 Jun 2012 08:42:26 -0700 (PDT)
In-Reply-To: <3B162E01-67F6-4684-ACE7-40CAF73E9DC3@gmail.com>
References: <CAF+90c-6VWJ_kBW=Z8Br-NOxKyuTkwStRg-OMBa6844w3=CjDA@mail.gmail.com>
	<8714BC2A-45E2-4303-9769-8399AF316159@gmail.com>
	<CAEZPtU6tXBgnTuGOfnjjFYyFJQ5iKpWX2Tq1U+wEaoyvBchW7A@mail.gmail.com>
	<3B162E01-67F6-4684-ACE7-40CAF73E9DC3@gmail.com>
Date: Mon, 18 Jun 2012 17:42:26 +0200
Message-ID: <CAEZPtU7scvZegC8udp2eM65hYGHX4F-B_109GPMrXETOBjpRWg@mail.gmail.com>
To: Alexey Zakhlestin <indeyets@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] Adding a simple API for secure password hashing?
From: pierre.php@gmail.com (Pierre Joye)

hi,

On Mon, Jun 18, 2012 at 11:06 AM, Alexey Zakhlestin <indeyets@gmail.com> wrote:

> The post says, that SCrypt is better, because it is way harder to solve.
> Bcrypt requires a lot of CPU, but SCrypt requires a lot of CPU + a lot of RAM

Ah right, I read it the other way 'round...

>>> It is BSD-licensed, so we can easily bundle it with PHP
>>
>> Maybe nice to have in pecl.'
>
> Sure, that's an option, but pecl won't help php to have default "state-of-art" password hashing toolset ;)

There is sadly only state-of-art-right-now password hashing methods.
We have to keep that in mind :)

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org