Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:61180
Return-Path: <nikita.ppv@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 27531 invoked from network); 12 Jul 2012 17:32:48 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 12 Jul 2012 17:32:48 -0000
Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=nikita.ppv@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.214.42 as permitted sender)
X-PHP-List-Original-Sender: nikita.ppv@gmail.com
X-Host-Fingerprint: 209.85.214.42 mail-bk0-f42.google.com  
Received: from [209.85.214.42] ([209.85.214.42:34776] helo=mail-bk0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id A8/53-11045-F3A0FFF4 for <internals@lists.php.net>; Thu, 12 Jul 2012 13:32:48 -0400
Received: by bkcjm19 with SMTP id jm19so2259986bkc.29
        for <internals@lists.php.net>; Thu, 12 Jul 2012 10:32:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=HqnFnL/S5Q4xuXqVrOId3Uj6hw8Ts/Ig8V+0boNP4Ro=;
        b=rTSvumlmLfiP2LxTC8DzlWkXLyf29re+x/+1XK6HklFKBLQ/mt6JOfLzMfHIOiT4RC
         zSve4tD8FM9KiHosqmExe+5lt2nwzOuAQaxdIl+nRZMo9PkYXEZRoev5ti/n+kH/BWFb
         CRamLPkBn5brJhHL9G2shmbqpJ/T7fAOb6peUnt23v6ze6RDtGylxhphpQ1/eftOpTkh
         in6yPd/RPxJZUlK2f0z72VggzLLBgQVxLrdlBIvytiBWMP65nQMYc8ONnIYeRs+5X19H
         PBoG8yv2yRmtWj5cy81M9Kfz68ysWPpm5/FmhjLuk7RQVGDcrVCI38liAoRF+VcptYfH
         eWFQ==
MIME-Version: 1.0
Received: by 10.152.106.233 with SMTP id gx9mr4506513lab.48.1342114364494;
 Thu, 12 Jul 2012 10:32:44 -0700 (PDT)
Received: by 10.152.114.70 with HTTP; Thu, 12 Jul 2012 10:32:44 -0700 (PDT)
In-Reply-To: <CAKZjf5ROuK-Kt1GAPJm0A2-mksw2kJ7C4bOMtz1+dPrYheqzSA@mail.gmail.com>
References: <CAAyV7nFRT24rksh6iDWxstfQwJ4+KdEC7Zs6EC8wBtJ8Zorf7w@mail.gmail.com>
	<CAKZjf5ROuK-Kt1GAPJm0A2-mksw2kJ7C4bOMtz1+dPrYheqzSA@mail.gmail.com>
Date: Thu, 12 Jul 2012 19:32:44 +0200
Message-ID: <CAF+90c-3HwTSgt+axxFPfaU-Xq_Qf7wuiJ=E_5YnquLpWzGk+Q@mail.gmail.com>
To: Alex Aulbach <alex.aulbach@gmail.com>
Cc: internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified
 password hashing functions
From: nikita.ppv@gmail.com (Nikita Popov)

On Thu, Jul 12, 2012 at 7:24 PM, Alex Aulbach <alex.aulbach@gmail.com> wrote:
> 1. The resulting string should have a version information. For example
> the first char. the example hash will look like
> "1$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi",
> instead of "$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi"

See that 2y in the string? That's the version information. If a
different algorithm is used, a different string will be in there. This
also applies to changes to the algorithm itself. E.g. the 2y prefix is
already a modified version of the original bcrypt algorithm.

Nikita