Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:60990
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 96606 invoked from network); 27 Jun 2012 12:12:59 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Jun 2012 12:12:59 -0000
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.53 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.213.53 mail-yw0-f53.google.com  
Received: from [209.85.213.53] ([209.85.213.53:33818] helo=mail-yw0-f53.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 74/95-02132-BC8FAEF4 for <internals@lists.php.net>; Wed, 27 Jun 2012 08:12:59 -0400
Received: by yhp26 with SMTP id 26so1109919yhp.12
        for <internals@lists.php.net>; Wed, 27 Jun 2012 05:12:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=iMMqc0kY0yr+Hml9t7Kas7sRuZNTIEz+UXFE6uKHN6E=;
        b=LoeKYjuiLtqq0A09OTAz2GWY0r0zLAToUcX5Lmqppd9LeW2ga0L+/8/wVkqr9zojeG
         CcKGOhoQeMRCTf/sG/kK6awY+qn1RDFDy2z2L4ko5LqxWiJ0POkS41bkQ+WVFMDOQGg6
         3WzY4XJM95NeE/Hv8Tj2+HjWir5k5MpHDqiIlqulMdXzoEWGJkaw7P43OeO8jx5BjQA6
         NAvHU3am0b1PmOXMLSNh0/UFXkurF4ZYt7w/9EGJR5ME1/7ztpuow7PlQfGw3W1L6Zi8
         xe+6PNpWAxafElBvirY0gstIr1yLFDSVTiOUBl88opH97qjHMgm0QSuIwUCeuzqfHC9T
         U+pA==
MIME-Version: 1.0
Received: by 10.236.79.74 with SMTP id h50mr22162414yhe.104.1340799176192;
 Wed, 27 Jun 2012 05:12:56 -0700 (PDT)
Received: by 10.147.113.7 with HTTP; Wed, 27 Jun 2012 05:12:56 -0700 (PDT)
In-Reply-To: <op.wgj8g0h7idpuyk@damnation>
References: <CAAyV7nH6FCZUqrirJ0uOApuwR64Cky3cVnRfbrcjkZrpOKiN6w@mail.gmail.com>
	<CAJWj5+EA3vnNRMBxtVjcPhz1Ga5yqERkTnHoWsyx8Kxm05OEog@mail.gmail.com>
	<CAAyV7nETi6QxfAvPNFUzp02bX7Cm+ur5KnQH_CCahXH7qq7R_A@mail.gmail.com>
	<CAEZPtU7KGweFhOemFTc5O15DW4PK3qWErET+kx09Fa57JF2MhQ@mail.gmail.com>
	<op.wgj8g0h7idpuyk@damnation>
Date: Wed, 27 Jun 2012 14:12:56 +0200
Message-ID: <CAEZPtU4iPak5L3Ei=TKS9cnBY_vpEbRCbzSeqt8VUGye-m60Nw@mail.gmail.com>
To: Gustavo Lopes <glopes@nebm.ist.utl.pt>
Cc: Anthony Ferrara <ircmaxell@gmail.com>, Simon Schick <simonsimcity@gmail.com>, internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] [DRAFT RFC] Adding Simplified Password Hashing API
From: pierre.php@gmail.com (Pierre Joye)

hi,

On Wed, Jun 27, 2012 at 1:49 PM, Gustavo Lopes <glopes@nebm.ist.utl.pt> wrote:
> Em Wed, 27 Jun 2012 13:37:50 +0200, Pierre Joye <pierre.php@gmail.com>
> escreveu:
>
>
>> That's exactly what I meant, having a changing default in this may
>> force code change during php updates. I'm not in favour of having such
>> default.
>>
>
> This would not require any code changes after updates.
>
> As I understand, hashes computed with the old default method could still be
> checked without any modification as the hash itself stores information about
> the method.

That's only about one relatively simple use case where only PHP would
be involved or crypt-like implemenation. For any other and rather
common cases, it won't. I do not think a default should be implemented
and actually let the user knows what he uses and what he is doing.
That's one argument after all and clears all possible caveats.

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org