Newsgroups: php.internals
Date: Thu, 12 Jul 2012 19:50:19 +0200
From: alex.aulbach@gmail.com (Alex Aulbach)
Cc: internals@lists.php.net
Subject: Re: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions

2012/7/12 Nikita Popov:
> On Thu, Jul 12, 2012 at 7:24 PM, Alex Aulbach wrote:
>> 1. The resulting string should have a version information. For example
>> the first char. the example hash will look like
>> "1$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi",
>> instead of "$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi"
>
> See that 2y in the string? That's the version information. If a
> different algorithm is used, a different string will be in there. This
> also applies to changes to the algorithm itself. E.g. the 2y prefix is
> already a modified version of the original bcrypt algorithm.
>
> Nikita

Cool. "y" is the algorithm? I just ask to be sure. :)

How do I know which version I'm using? Think about checking if I'm
able to handle this version-hashes. Or other things like "generate a
hash for version 1 instead of version 2, because I know what I'm
doing".

I mean: We can just fail with verify, but it would be sometimes great
to know, why it fails. :)

--
Alex Aulbach
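
The exchange above turns on reading the prefix of the stored string to learn which variant and cost produced it, and on being able to say why a hash is refused. The following PHP sketch is an added example, not code from this thread or from the RFC; `describe_bcrypt_hash()` and `ACCEPTED_VARIANTS` are hypothetical names, and the first two sample strings are the ones quoted in the message.

```php
<?php
// Added example: report the fields of a crypt-style bcrypt string and the
// reason it would be refused. Function and constant names are hypothetical.

// Assumption: this application chooses to accept only the "2y" variant.
const ACCEPTED_VARIANTS = ['2y'];

function describe_bcrypt_hash(string $hash): array
{
    // Layout: $<variant>$<two-digit cost>$<22-char salt><31-char digest>
    $re = '#^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (preg_match($re, $hash, $m) !== 1) {
        return ['ok' => false, 'reason' => 'not a bcrypt-format string'];
    }
    $info = [
        'variant' => $m[1],
        'cost'    => (int) $m[2],
        'salt'    => $m[3],
        'digest'  => $m[4],
    ];
    if ($info['cost'] < 4 || $info['cost'] > 31) {
        return ['ok' => false, 'reason' => 'cost outside 04..31'] + $info;
    }
    if (!in_array($info['variant'], ACCEPTED_VARIANTS, true)) {
        return ['ok' => false, 'reason' => "variant {$info['variant']} not accepted"] + $info;
    }
    return ['ok' => true, 'reason' => null] + $info;
}

$samples = [
    // The hash quoted in the message.
    '$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi',
    // The same string with the proposed leading "1": it no longer matches
    // the layout parsed here.
    '1$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi',
    // Constructed: the same fields relabelled with the older "2a" prefix.
    '$2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi',
];

foreach ($samples as $h) {
    $r = describe_bcrypt_hash($h);
    $status = $r['ok']
        ? "ok ({$r['variant']}, cost {$r['cost']})"
        : "refused: {$r['reason']}";
    printf("%-62s %s\n", $h, $status);
}
```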