Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:61081
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 77247 invoked from network); 3 Jul 2012 12:06:26 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 3 Jul 2012 12:06:26 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.161.170 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.161.170 mail-gg0-f170.google.com  
Received: from [209.85.161.170] ([209.85.161.170:32946] helo=mail-gg0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 51/46-42839-140E2FF4 for <internals@lists.php.net>; Tue, 03 Jul 2012 08:06:26 -0400
Received: by ggnf2 with SMTP id f2so5949344ggn.29
        for <internals@lists.php.net>; Tue, 03 Jul 2012 05:06:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=O/xeDvafvkW9GAp9xjZtbyQiGLMFVm/o/ioYfIiGXAM=;
        b=axtYmGp+eaYpbJ6QArV3EeZEIqFp8qZUPio1WpDU9Nh8OYPLnRf/tG0gZ6dSKbUUSY
         pB3odzounCay+UUUtoLOhqiIDPXKutcObHvWFKoEUV1Mrh4Wmtm1JjSAT42Nrt7pkL8n
         0b+8tkKdhomhr1RdlAxDPYnmvZ2/ok9zQ2UBinqQ2FcAx5/F20Mp+bBzYlSRCS7oh0q6
         MHsG9CJSqbxLcz6kq3COMhgltK/vw0F84f2XyLXI2Sn70O1tWXDkQz755PiWI8gTlrxG
         lUu13JwXITXwKaS1lvYq+YM9noYD07v1wcFfa1DNznUEk+CKwlGC6KMs5WI22PWTEAnj
         kDBg==
MIME-Version: 1.0
Received: by 10.236.79.74 with SMTP id h50mr19779925yhe.104.1341317183145;
 Tue, 03 Jul 2012 05:06:23 -0700 (PDT)
Received: by 10.147.113.7 with HTTP; Tue, 3 Jul 2012 05:06:23 -0700 (PDT)
In-Reply-To: <CAAyV7nEqEDcAPoBypHr=LMyP6Y9-0Z5yL-0HWTeFuqSp82kA2g@mail.gmail.com>
References: <CAAyV7nH6FCZUqrirJ0uOApuwR64Cky3cVnRfbrcjkZrpOKiN6w@mail.gmail.com>
	<CAJWj5+EA3vnNRMBxtVjcPhz1Ga5yqERkTnHoWsyx8Kxm05OEog@mail.gmail.com>
	<CAAyV7nETi6QxfAvPNFUzp02bX7Cm+ur5KnQH_CCahXH7qq7R_A@mail.gmail.com>
	<CAEZPtU7KGweFhOemFTc5O15DW4PK3qWErET+kx09Fa57JF2MhQ@mail.gmail.com>
	<op.wgj8g0h7idpuyk@damnation>
	<CAEZPtU4iPak5L3Ei=TKS9cnBY_vpEbRCbzSeqt8VUGye-m60Nw@mail.gmail.com>
	<CAAyV7nEqEDcAPoBypHr=LMyP6Y9-0Z5yL-0HWTeFuqSp82kA2g@mail.gmail.com>
Date: Tue, 3 Jul 2012 14:06:23 +0200
Message-ID: <CAEZPtU7oR8Z=y5W15Jg6HHseeU_SJUdDsuhqrB5tjeBqrBjp-Q@mail.gmail.com>
To: Anthony Ferrara <ircmaxell@gmail.com>
Cc: Gustavo Lopes <glopes@nebm.ist.utl.pt>, Simon Schick <simonsimcity@gmail.com>, 
	internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] [DRAFT RFC] Adding Simplified Password Hashing API
From: pierre.php@gmail.com (Pierre Joye)

hi Anthony,

On Tue, Jul 3, 2012 at 1:53 PM, Anthony Ferrara <ircmaxell@gmail.com> wrote:
> Pierre,
>
> Getting back to the PASSWORD_DEFAULT discussion...
>
> I know you didn't like PASSWORD_MOST_SECURE. So what about keeping
> PASSWORD_DEFAULT as a moving target, documented, and just making the
> second parameter (algo) to password_hash required? That way users
> could choose between PASSWORD_BCRYPT and PASSWORD_DEFAULT.
>
> That way, over time, PASSWORD_DEFAULT could be updated, and it would
> be documented that it would change. But it would require them to
> understand that it could change...
>
> Would that satisfy your issues?

Yes.

Using this constant name and clearly document its changing nature is
fine. The argument being required fully solves my worry about optional
argument with changing default value.

Thanks for your efforts and work!

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org