Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:60982 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 84030 invoked from network); 27 Jun 2012 11:24:54 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 27 Jun 2012 11:24:54 -0000 Authentication-Results: pb1.pair.com header.from=ircmaxell@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=ircmaxell@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.42 as permitted sender) X-PHP-List-Original-Sender: ircmaxell@gmail.com X-Host-Fingerprint: 209.85.216.42 mail-qa0-f42.google.com Received: from [209.85.216.42] ([209.85.216.42:48019] helo=mail-qa0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C8/D2-02132-58DEAEF4 for ; Wed, 27 Jun 2012 07:24:53 -0400 Received: by qafi31 with SMTP id i31so2709831qaf.8 for ; Wed, 27 Jun 2012 04:24:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=lbYGp8WEc0RDYW3FHvdC701iQKCaP5j+5mzMOZ0UTRA=; b=Dldl8qzAhHdX9Iua70NrrM6wcXi84BzltPLm5G/Ht+9qEtAWeLkXFyO/Ag/cJit12v R1Yc9uzORKZ6nSbmXxFgIa4OAT3yukRab65P54/639UfaUo3n2KUqjDQvhXwaIyOZEAr gTEcUZUhSEIGFK7YuDWQFIYDXYXrVgkekOJFtWxDj4YtYEdf7MxsZtmnukqhzF3egbFi 0XpJTO+hbOWO1o8x4z3EtGKwjMdgcl2BZNimpYkNxnKDC6PEFR8YZB7H2igRLj714p95 Z2p+y4ZIuBm32s3Y7W1kRXOpuhN48uB9xShM1MNlu1cFr6gnAVOMwIvlzOJhgdyOcoEX TH3A== MIME-Version: 1.0 Received: by 10.229.135.81 with SMTP id m17mr6441972qct.97.1340796290190; Wed, 27 Jun 2012 04:24:50 -0700 (PDT) Received: by 10.229.232.11 with HTTP; Wed, 27 Jun 2012 04:24:49 -0700 (PDT) In-Reply-To: References: Date: Wed, 27 Jun 2012 07:24:49 -0400 Message-ID: To: Simon Schick Cc: internals@lists.php.net Content-Type: text/plain; charset=ISO-8859-1 Subject: Re: [PHP-DEV] [DRAFT RFC] Adding Simplified Password Hashing API From: ircmaxell@gmail.com (Anthony Ferrara) Simon, > * Will the value of the constant PASSWORD_DEFAULT remain unchanged forever? > Otherwise this lib, in my opinion, can cause big problems when trying to > port an existing system to a newer PHP-version. No. That's why it's a separate constant. As newer, stronger hashing options become available, the default is designed to change over time. I'll update the RFC to indicate such. > * Is this a native version of phpass? http://www.openwall.com/phpass/ In a sense, yes. It's designed to have a dirt-simple API (similar to yours) built in to the core. Thanks, Anthony