Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:69771 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 45251 invoked from network); 22 Oct 2013 17:24:20 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Oct 2013 17:24:20 -0000 Authentication-Results: pb1.pair.com header.from=adam@adamharvey.name; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=adam@adamharvey.name; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain adamharvey.name designates 209.85.223.169 as permitted sender) X-PHP-List-Original-Sender: adam@adamharvey.name X-Host-Fingerprint: 209.85.223.169 mail-ie0-f169.google.com Received: from [209.85.223.169] ([209.85.223.169:64881] helo=mail-ie0-f169.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 16/48-10840-3C4B6625 for ; Tue, 22 Oct 2013 13:24:20 -0400 Received: by mail-ie0-f169.google.com with SMTP id ar20so2363168iec.28 for ; Tue, 22 Oct 2013 10:24:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adamharvey.name; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type:content-transfer-encoding; bh=zGZFDZBHBI5ZgSa7NQwM++k+v5RxK7af6U5TsF1se+M=; b=XWukMfsNVXP+2WhBZYvMaUzavCOJHwCM6aCm/PfTQ1vOeYZsZcPoj0S/00y5LSVefK K68giq+XJnNEeicqY+Y4/w70wUiqMg7ptZ7Ywrp6Ku1hisUvl6WfqNBolvMCyep26MCy O60tzJ3P/++gCpQ38cnhr16XTsWs7a0YKJge4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=zGZFDZBHBI5ZgSa7NQwM++k+v5RxK7af6U5TsF1se+M=; b=Twd3zKZPJq2ij89SVqaN5Vji+YF52iv1ej8XhT66rUYLvejHGjLrWYpfZzzoVbkdUF frSjMLXNpb/RsutW4KQJJCtv/OQ04oqLfM+Sy1yKCnkAsuERcIctgQZE7gz48+zyu1L+ afG1XBq7Dy2RjCrv1HTm//VL1DbkJKri3G+BOWyIByLnJfwrzbx3Yh3MchihlTvJNbZS axD8EapmyPfOeWL+LPV/fi5KJ+SNCTRUrzm2HDsOZD6Y/FnTjqMxp3/VeIbwN8gbdlAH inx4UZn2CyHnNh4uF4lXGPBl3xiQYr1FBxDnsPclsfupAvHqdZklzoCDHlF53r7cNvaK f82g== X-Gm-Message-State: ALoCoQnx2hpA0ZDzSTxRJjYVQwADR4/YBCgF/Uasfe6yoYtbKd4ZEahY7VZ9A4mxZO5wvJerjtbf X-Received: by 10.50.49.65 with SMTP id s1mr14226723ign.43.1382462657132; Tue, 22 Oct 2013 10:24:17 -0700 (PDT) MIME-Version: 1.0 Sender: adam@adamharvey.name Received: by 10.42.206.208 with HTTP; Tue, 22 Oct 2013 10:23:56 -0700 (PDT) In-Reply-To: <5266B404.60806@php.net> References: <8C33E1D9-8689-4E81-A79B-644CB690DB64@gmail.com> <52664C58.3020901@ajf.me> <5266B404.60806@php.net> Date: Tue, 22 Oct 2013 10:23:56 -0700 X-Google-Sender-Auth: UGH4jht2FtDNzpnKH7_YfmaXLpg Message-ID: To: Joe Watkins Cc: PHP internals Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] [VOTE] Change crypt() behavior w/o salt From: aharvey@php.net (Adam Harvey) On 22 October 2013 10:21, Joe Watkins wrote: > On 10/22/2013 06:11 PM, Adam Harvey wrote: >> "Generating an insecure weak hash as no salt was given: please ensure >> the salt parameter is specified and uses a strong hash type in order >> to generate a cryptographically secure hash" > > Wonder how well it will translate ?? I tried to use the obvious scary keywords to make it obvious. If you think the grammar on that version is convoluted, you should have seen the first draft. :) > Generating should be Generated, no ?? I like the present tense here =E2=80=94 it's what crypt() IS doing, not wha= t it did. Makes it urgent. That said, I'm not super fussed either way. Adam