Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:61010
Return-Path: <ircmaxell@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 85535 invoked from network); 28 Jun 2012 01:52:53 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 28 Jun 2012 01:52:53 -0000
Authentication-Results: pb1.pair.com smtp.mail=ircmaxell@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=ircmaxell@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.42 as permitted sender)
X-PHP-List-Original-Sender: ircmaxell@gmail.com
X-Host-Fingerprint: 209.85.216.42 mail-qa0-f42.google.com  
Received: from [209.85.216.42] ([209.85.216.42:49460] helo=mail-qa0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id CD/62-08168-4F8BBEF4 for <internals@lists.php.net>; Wed, 27 Jun 2012 21:52:52 -0400
Received: by qafi31 with SMTP id i31so3151451qaf.8
        for <internals@lists.php.net>; Wed, 27 Jun 2012 18:52:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=jpPomYniczjdNTdSW2KHg1ruKy3z3ghmgznseLVnc6w=;
        b=QTHA3ktoOVSQuQ8qpVIJnDY34DYTftXkRY2nEH0mD7J1RRrtyqwQXQV39cRUkkUH4c
         XGMi8ZKrTq2DxWTjAcM3G1LwFwod88yVQNBvdOTB9MpA6GpYTcUFLWT0PIWX64WFbv4f
         HOJqThpCClgVH/SiZve0OCuaY5Zoxzvq4chwdf/TdXVyInAfi9qvpkqqCEvl1mEoTRS1
         WJ6n+jJ49HAWkHNu/IAPZ8AovnB/xRW3l7eWTrAQHw8xDpsDvHkUl77LFq9teCoiprxb
         62zqnpiHo3i7pvi6PnK26uYk741sWyEAVaD6CtiTjVPkG0awOIwkP49LsSc1I8DU+C+O
         7RHw==
MIME-Version: 1.0
Received: by 10.224.179.6 with SMTP id bo6mr691201qab.17.1340848369912; Wed,
 27 Jun 2012 18:52:49 -0700 (PDT)
Received: by 10.229.232.11 with HTTP; Wed, 27 Jun 2012 18:52:49 -0700 (PDT)
In-Reply-To: <CAL0xaBERa3tcz8+48KwLLdr=rYMUAG6Kumf=OhKCEa5wnwwCuQ@mail.gmail.com>
References: <CAAyV7nH6FCZUqrirJ0uOApuwR64Cky3cVnRfbrcjkZrpOKiN6w@mail.gmail.com>
	<CAJWj5+EA3vnNRMBxtVjcPhz1Ga5yqERkTnHoWsyx8Kxm05OEog@mail.gmail.com>
	<CAAyV7nETi6QxfAvPNFUzp02bX7Cm+ur5KnQH_CCahXH7qq7R_A@mail.gmail.com>
	<CAEZPtU7KGweFhOemFTc5O15DW4PK3qWErET+kx09Fa57JF2MhQ@mail.gmail.com>
	<op.wgj8g0h7idpuyk@damnation>
	<CAEZPtU4iPak5L3Ei=TKS9cnBY_vpEbRCbzSeqt8VUGye-m60Nw@mail.gmail.com>
	<CAAyV7nEq98jokXwu2eu4oiOpkEvQTEMaFb2fKk3DE=tiUi9-zQ@mail.gmail.com>
	<op.wgkaf1ocidpuyk@damnation>
	<CAEZPtU4bH9Mpj40OYP=k4oTQGhfdp3btf11GwvLUo59XS8O2uA@mail.gmail.com>
	<CAAyV7nFY_BbKQ5BPZ8Huzrc7114n5XeibTRpJ-MSJhW9apPscg@mail.gmail.com>
	<CAL0xaBEVkdCqy6sorYn7fpgx3sGs4NNmj+BGLUfjUeD+UVTqDA@mail.gmail.com>
	<CAAyV7nFrr4YSokgeJmCam0rqz_hJmXtzsN9L6eGcTYY80phU=A@mail.gmail.com>
	<CAL0xaBERa3tcz8+48KwLLdr=rYMUAG6Kumf=OhKCEa5wnwwCuQ@mail.gmail.com>
Date: Wed, 27 Jun 2012 21:52:49 -0400
Message-ID: <CAAyV7nGyL72S+0KnMPmPrAH0XU0gp79-4pvSY_+sDMa+U69W5A@mail.gmail.com>
To: Arvids Godjuks <arvids.godjuks@gmail.com>
Cc: internals@lists.php.net, Pierre Joye <pierre.php@gmail.com>, 
	Simon Schick <simonsimcity@gmail.com>, Gustavo Lopes <glopes@nebm.ist.utl.pt>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] [DRAFT RFC] Adding Simplified Password Hashing API
From: ircmaxell@gmail.com (Anthony Ferrara)

Arvids,

On Wed, Jun 27, 2012 at 12:32 PM, Arvids Godjuks
<arvids.godjuks@gmail.com> wrote:
> On that note I have only one request - please point me to the good article
> that describes how this thing works (I would prefer one that at least tries
> to explain in simple words) because at the moment i do not understand how
> salt stored in the hash itself makes hash more secure than an unsalted one.

Here are some articles that are worth while:

http://php.net/manual/en/function.crypt.php
http://www.devshed.com/c/a/PHP/Using-the-PHP-Crypt-Function/
http://stackoverflow.com/a/4808616/338665

If more explanation is needed, I can try to expand the RFC a bit more.
But give the new sections a read and let me know what you think.

Thanks,

Anthony