Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:61942
Return-Path: <jbondc@openmv.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 31122 invoked from network); 1 Aug 2012 19:09:39 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 1 Aug 2012 19:09:39 -0000
Authentication-Results: pb1.pair.com smtp.mail=jbondc@openmv.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=jbondc@openmv.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain openmv.com from 64.15.152.204 cause and error)
X-PHP-List-Original-Sender: jbondc@openmv.com
X-Host-Fingerprint: 64.15.152.204 mail.ca.gdesolutions.com  
Received: from [64.15.152.204] ([64.15.152.204:60993] helo=mail.ca.gdesolutions.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3C/A2-32875-2FE79105 for <internals@lists.php.net>; Wed, 01 Aug 2012 15:09:39 -0400
Received: from localhost (localhost [127.0.0.1])
	by mail.ca.gdesolutions.com (Postfix) with ESMTP id 1EC7D5DB8;
	Wed,  1 Aug 2012 15:09:36 -0400 (EDT)
X-Virus-Scanned: amavisd-new at gdesolutions.com
Received: from mail.ca.gdesolutions.com ([127.0.0.1])
	by localhost (mail.ca.gdesolutions.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 6ECMnD6zZ3nI; Wed,  1 Aug 2012 15:09:35 -0400 (EDT)
Received: from djbondc (modemcable166.116-70-69.static.videotron.ca [69.70.116.166])
	by mail.ca.gdesolutions.com (Postfix) with ESMTPSA id 513925DB7;
	Wed,  1 Aug 2012 15:09:35 -0400 (EDT)
To: "'Anthony Ferrara'" <ircmaxell@gmail.com>
Cc: <internals@lists.php.net>
References: <CAAyV7nFRT24rksh6iDWxstfQwJ4+KdEC7Zs6EC8wBtJ8Zorf7w@mail.gmail.com>	<4FFF1831.8070902@sugarcrm.com>	<CAAyV7nHi0k6S-zbi5=xCE8EmXpaEds9RoZTB8RPOeO8K_ZLY=w@mail.gmail.com>	<005101cd6f18$9da38510$d8ea8f30$@com>	<CAAyV7nGOiVD0=z+6nJKAhr6qu96GuU4+nBTTQiizcP9DxNRUUg@mail.gmail.com>	<009401cd6f28$b71c69c0$25553d40$@com>	<CAAyV7nH8w5j+AQYQqh0O5eA78tjrvEzAAvKkPNPNrRFhBvDxvQ@mail.gmail.com>	<00b701cd6f35$b2d621a0$188264e0$@com> <CAAyV7nHr532Bi-K0k99wSSg5RgJYLGAdusMqCYt9pRRr6LqscA@mail.gmail.com>
In-Reply-To: <CAAyV7nHr532Bi-K0k99wSSg5RgJYLGAdusMqCYt9pRRr6LqscA@mail.gmail.com>
Date: Wed, 1 Aug 2012 15:09:35 -0400
Message-ID: <009501cd7019$312f7720$938e6560$@com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac1vOI0dLe8Cixv3SOaP78lolHUdHQA4A1Jw
Content-Language: en-ca
Subject: RE: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions
From: jbondc@openmv.com ("Jonathan Bond-Caron")

> 
> Also, be aware that BCrypt only uses the first 72 characters of the 
> password field. So if you use a hex encoded sha512 output, a good deal 
> of entropy would be lost (almost half of it)...
> 

Good to know, do most hash algorithms have limitations on the # of chars as
input?

That would explain why (password || key) into a hash function has
limitations.