Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:61071
Return-Path: <ircmaxell@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 93827 invoked from network); 2 Jul 2012 20:55:22 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Jul 2012 20:55:22 -0000
Authentication-Results: pb1.pair.com header.from=ircmaxell@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=ircmaxell@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.170 as permitted sender)
X-PHP-List-Original-Sender: ircmaxell@gmail.com
X-Host-Fingerprint: 209.85.216.170 mail-qc0-f170.google.com  
Received: from [209.85.216.170] ([209.85.216.170:59478] helo=mail-qc0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3E/43-13131-ABA02FF4 for <internals@lists.php.net>; Mon, 02 Jul 2012 16:55:22 -0400
Received: by qcmt36 with SMTP id t36so3529466qcm.29
        for <internals@lists.php.net>; Mon, 02 Jul 2012 13:55:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type:content-transfer-encoding;
        bh=1IHfucPIf16cLEv0PfOMwxzHaxwYBd65iqYqBeFTGkU=;
        b=wWLhMRn1qCYKvr3Y4h7UcsDyoseiV1z1DQJJUAFn813Voqe7D86thHfrV1ykN/xboT
         pQcDhyGVVeEoz4cmE8KBBed9UG8/xYfnBiICtSv90PAjAp/YfsnEECicEzOM+Dp7h1de
         IAaVsA3hcxaWWuJMBLLVxKmEq76N+kD1Kq2uRFB1wDlq8epibm7t8AVIkYLQAiVMrDZM
         dlBj4xf1Hs/E0K8kLYfo6qck7DB/UtQwpXs07cVKbMdOQpulQ/cZm48Har8cat2gctwj
         SMsNvnUN397NLpA4XrnbDGONSEjhQl4NHTCWaFv7JK6kUR+N47shByGFw8rVn1aSWHd6
         QpGQ==
MIME-Version: 1.0
Received: by 10.224.217.9 with SMTP id hk9mr3187390qab.58.1341262519375; Mon,
 02 Jul 2012 13:55:19 -0700 (PDT)
Received: by 10.229.232.11 with HTTP; Mon, 2 Jul 2012 13:55:19 -0700 (PDT)
In-Reply-To: <4FF1FD89.6090308@oracle.com>
References: <CAAyV7nH6FCZUqrirJ0uOApuwR64Cky3cVnRfbrcjkZrpOKiN6w@mail.gmail.com>
	<4FF1FD89.6090308@oracle.com>
Date: Mon, 2 Jul 2012 16:55:19 -0400
Message-ID: <CAAyV7nFbVwZmxwnJhvdyHGydm1pJYL4P2obAsCFR0iKoxU5WHA@mail.gmail.com>
To: Christopher Jones <christopher.jones@oracle.com>
Cc: internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] [DRAFT RFC] Adding Simplified Password Hashing API
From: ircmaxell@gmail.com (Anthony Ferrara)

Chris,

> Can you update the RFC (aka future documentation) and make this obvious
> to an end user?

I just made an update (in the behavior sections). Let me know if
additional clarification is needed.

> I think PASSWORD_BCRYPT should be an ordinal value, which the new
> library maps to "2y" when bcrypt is called.

That would be fine. The initial goal for mapping the prefix to the
constant was to provide the ability to map hash prefixes to the
argument. That way, we could add user-supplied algorithms and base
everything off the prefix with no additional mapping needed. But now
that's off the table, I think switching back to an ordinal would be
fine (and would pretty up the code a bit)...

> The API of password_make_salt() seems restrictive. =A0What if other
> options are needed in future?

Can you give any examples of what options would be needed in the
future, or how you would like to see the API?

Thanks for the feedback!

Anthony