Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:68413
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 40760 invoked from network); 8 Aug 2013 01:21:27 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 8 Aug 2013 01:21:27 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.48 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.215.48 mail-la0-f48.google.com  
Received: from [209.85.215.48] ([209.85.215.48:63926] helo=mail-la0-f48.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 6E/26-06453-692F2025 for <internals@lists.php.net>; Wed, 07 Aug 2013 21:21:26 -0400
Received: by mail-la0-f48.google.com with SMTP id hi8so1671599lab.7
        for <internals@lists.php.net>; Wed, 07 Aug 2013 18:21:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:content-type;
        bh=AMjvIFr2x1ovnDUag/+5pc6e7X76KPDGA1YwtXX5k1Y=;
        b=PwaG1ZfW3ZGYzOHx5qGcLPr42A16Fvsq2A1b4HC5vIivvsPRoedGEkhNwup/5q6/sP
         EOhRYqKTxvLZY16TNyWNJQjx67m3Ii41IywhHb2jPiKRrkeBUS9kavhyh5RVtwKIa6ck
         nCczImw2L8VV8QL5ApXQqcb+QqVIRygps3dQEAuI5ChPjOeTR4zBcDm/kkqGtbet4l9D
         g/7+FQG36oXdjbrLiExOPQFdiPq7hWoED5tUfkIlp3VPdzkV02PcT+iHUqDt8/KmN9Eh
         pKbxlMyn3MzzXP7UAxALySYb/0PgozRGAjRvXd45VhC1stGlBq9Z1S47tQel+jQJhSo6
         y08w==
X-Received: by 10.152.37.41 with SMTP id v9mr2680267laj.9.1375924882971; Wed,
 07 Aug 2013 18:21:22 -0700 (PDT)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.112.127.233 with HTTP; Wed, 7 Aug 2013 18:20:42 -0700 (PDT)
In-Reply-To: <5202AE51.3010005@sugarcrm.com>
References: <CAGa2bXZPwU=MNS3gvcsQK6uEfdTsbk8K9OMX7Y4ZUOUFCJy8HA@mail.gmail.com>
 <5202AE51.3010005@sugarcrm.com>
Date: Thu, 8 Aug 2013 10:20:42 +0900
X-Google-Sender-Auth: nKnvFWmoRQYsXqeE1zlcrc61r60
Message-ID: <CAGa2bXYpnryP9wMTO+BdE63wth6ERcLVP6t7D_8JJjLtTC0TKg@mail.gmail.com>
To: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=089e0160b998e3202204e3657993
Subject: Re: [PHP-DEV] crypt() should raise error without 2nd parameter
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--089e0160b998e3202204e3657993
Content-Type: text/plain; charset=UTF-8

Hi all,

It seems there are 2 options for master branch when crypt()'s 2nd parameter
is omitted.

 - raise E_DEPRECIATED that advice use of stronger salt or password_hash()
       and make 2nd parameter required for future release.
 - make crypt() use stronger default salt/hash w/o error

Since password_hash() is supposed to do better job, first option seems
better to me.

Do I have to setup vote?

Regards,


--
Yasuo Ohgaki
yohgaki@ohgaki.net

--089e0160b998e3202204e3657993--