Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:61070 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 80853 invoked from network); 2 Jul 2012 19:59:11 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 2 Jul 2012 19:59:11 -0000 Authentication-Results: pb1.pair.com smtp.mail=christopher.jones@oracle.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=christopher.jones@oracle.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain oracle.com designates 141.146.126.227 as permitted sender) X-PHP-List-Original-Sender: christopher.jones@oracle.com X-Host-Fingerprint: 141.146.126.227 acsinet15.oracle.com Received: from [141.146.126.227] ([141.146.126.227:50626] helo=acsinet15.oracle.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 08/60-13131-E8DF1FF4 for ; Mon, 02 Jul 2012 15:59:11 -0400 Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by acsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q62Jx6ri023104 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 2 Jul 2012 19:59:07 GMT Received: from acsmt357.oracle.com (acsmt357.oracle.com [141.146.40.157]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q62Jx6Lg017821 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 2 Jul 2012 19:59:06 GMT Received: from abhmt113.oracle.com (abhmt113.oracle.com [141.146.116.65]) by acsmt357.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q62Jx6lk031533; Mon, 2 Jul 2012 14:59:06 -0500 Received: from [130.35.70.154] (/130.35.70.154) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 02 Jul 2012 12:59:06 -0700 Message-ID: <4FF1FD89.6090308@oracle.com> Date: Mon, 02 Jul 2012 12:59:05 -0700 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:13.0) Gecko/20120614 Thunderbird/13.0.1 MIME-Version: 1.0 To: Anthony Ferrara CC: internals@lists.php.net References: In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Source-IP: acsinet21.oracle.com [141.146.126.237] Subject: Re: [PHP-DEV] [DRAFT RFC] Adding Simplified Password Hashing API From: christopher.jones@oracle.com (Christopher Jones) On 06/26/2012 08:25 AM, Anthony Ferrara wrote: > Hello All, > > I've taken the conversation of the previous simplified password > hashing API, and generated a patch and draft RFC for it. The patch > isn't ready yet (needs review, cleanup and testing), but it's a start. > > https://wiki.php.net/rfc/password_hash > > Please have a look and comment away! > > Thanks, > > Anthony > Hi Anthony, I think PASSWORD_BCRYPT should be an ordinal value, which the new library maps to "2y" when bcrypt is called. The API of password_make_salt() seems restrictive. What if other options are needed in future? Chris -- christopher.jones@oracle.com http://twitter.com/#!/ghrd