Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:68423
Return-Path: <hannes.magnusson@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 64022 invoked from network); 8 Aug 2013 04:22:39 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 8 Aug 2013 04:22:39 -0000
Authentication-Results: pb1.pair.com header.from=hannes.magnusson@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=hannes.magnusson@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.169 as permitted sender)
X-PHP-List-Original-Sender: hannes.magnusson@gmail.com
X-Host-Fingerprint: 209.85.217.169 mail-lb0-f169.google.com  
Received: from [209.85.217.169] ([209.85.217.169:33237] helo=mail-lb0-f169.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 09/DA-06453-E0D13025 for <internals@lists.php.net>; Thu, 08 Aug 2013 00:22:39 -0400
Received: by mail-lb0-f169.google.com with SMTP id u10so2112639lbi.0
        for <internals@lists.php.net>; Wed, 07 Aug 2013 21:22:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=PEPkQS6xJUZCuC7JhpfDdfbPpcnzDXuYAJtWaAPe+qQ=;
        b=rFbyqGH5ccpwtLcem34G6DZYR9rzuB1ddYEyoVr6y+AE2wTDsfckLfpRyT3F97YAKH
         bOShRCnFA1VJjTdBP6RFBFwwyY7GMTEyA0qZvN7iL36xi70SW3YIguSTHlZPf6QkGotk
         DuZEEP8V+V/FBn55ICDg5l4GVeiYr5MtGKrXDXlgNYxvFkZnOQm3rPC3xxZ8lqYXzGM5
         3s45ujKm44IrTS162+L45CFggAP30EiHsVPCnAVDqwdjmvnPmMmFou/evAsVG3G0Rgit
         X85ox+VoI4NWR29L2QIogYUP3ppRh3SH6PSGky53zmKJps/gqK5O180RDDDc/Z2XqGS9
         Rf8g==
MIME-Version: 1.0
X-Received: by 10.152.22.198 with SMTP id g6mr2819503laf.5.1375935756090; Wed,
 07 Aug 2013 21:22:36 -0700 (PDT)
Received: by 10.114.59.173 with HTTP; Wed, 7 Aug 2013 21:22:36 -0700 (PDT)
In-Reply-To: <CAGa2bXYpnryP9wMTO+BdE63wth6ERcLVP6t7D_8JJjLtTC0TKg@mail.gmail.com>
References: <CAGa2bXZPwU=MNS3gvcsQK6uEfdTsbk8K9OMX7Y4ZUOUFCJy8HA@mail.gmail.com>
	<5202AE51.3010005@sugarcrm.com>
	<CAGa2bXYpnryP9wMTO+BdE63wth6ERcLVP6t7D_8JJjLtTC0TKg@mail.gmail.com>
Date: Wed, 7 Aug 2013 21:22:36 -0700
Message-ID: <CADNQb0U6dXt22ky45DxWGJnyZRUfAxSHRoxN=fgJuowD_QQikA@mail.gmail.com>
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] crypt() should raise error without 2nd parameter
From: hannes.magnusson@gmail.com (Hannes Magnusson)

On Wed, Aug 7, 2013 at 6:20 PM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
> Hi all,
>
> It seems there are 2 options for master branch when crypt()'s 2nd parameter
> is omitted.
>
>  - raise E_DEPRECIATED that advice use of stronger salt or password_hash()
>        and make 2nd parameter required for future release.
>  - make crypt() use stronger default salt/hash w/o error
>
> Since password_hash() is supposed to do better job, first option seems
> better to me.


Deprecating it means it will be removed in the future.

Please leave the function alone. This should be solved with education,
not a gun to peoples head.

-Hannes