Newsgroups: php.internals
Date: Fri, 27 Jun 2014 09:09:10 +0400
To: PHP internals
Message-ID: <20140627050910.GA27102@openwall.com>
Subject: PHP 5.4+ UPGRADING wrongly lists $2z$
From: solar@openwall.com (Solar Designer)

Hi,

I just noticed that when we patched the crypt_blowfish signedness bug in 2011, a commit to the UPGRADING file for PHP 5.4+ wrongly listed $2z$ as a supported prefix. It is not supported. This:

- Fixed crypt_blowfish handling of 8-bit characters.
  crypt() in Blowfish mode now supports hashes marked $2a$, $2x$, $2y$ and $2z$.

should be corrected to:

- Fixed crypt_blowfish handling of 8-bit characters.
  crypt() in Blowfish mode now supports hashes marked $2a$, $2x$, and $2y$.

While at it, can someone please correct the recently added warning at http://www.php.net/manual/en/function.crypt.php which now reads:

"Using the CRYPT_BLOWFISH algorithm, will result in the str parameter being truncated to a maximum length of 72 characters. This is only a concern if are using the same salt to hash strings with this algorithm that are over 72 bytes in length, as this will result in those hashes being identical."

to be just:

"Using the CRYPT_BLOWFISH algorithm will result in the str parameter being truncated to a maximum length of 72 characters."

The statement starting "This is only ..." is wrong.

Thanks,

Alexander

P.S. I am not subscribed to internals, so please CC me on any replies.
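
The behaviour discussed in the message above, as an added example that is not part of the original message or of PHP's own code: it probes which Blowfish prefixes crypt() accepts, and shows that the 72-byte truncation also applies when a candidate is verified against a stored hash, whatever salt that hash carries. The salts, the cost 04, the passwords and the helper names are constructed for illustration.

```php
<?php
// Added example; every salt and password below is a constructed sample value.

const SALT_A = 'abcdefghijklmnopqrstuu'; // 22 chars from ./A-Za-z0-9
const SALT_B = 'ABCDEFGHIJKLMNOPQRSTUu';

/** True if crypt() produced a 60-char Blowfish hash for this prefix
 *  (on failure crypt() returns the short marker "*0" or "*1"). */
function blowfish_prefix_supported(string $prefix): bool
{
    $hash = crypt('probe', $prefix . '04$' . SALT_A);
    return strlen($hash) === 60 && strncmp($hash, $prefix, strlen($prefix)) === 0;
}

/** Verify a candidate the way stored hashes are checked:
 *  the stored hash itself supplies the prefix, cost and salt. */
function verifies(string $candidate, string $storedHash): bool
{
    return hash_equals($storedHash, crypt($candidate, $storedHash));
}

foreach (['$2a$', '$2x$', '$2y$', '$2z$'] as $prefix) {
    printf("%s %s\n", $prefix,
        blowfish_prefix_supported($prefix) ? 'supported' : 'rejected');
}

// Two inputs that share their first 72 bytes and differ only after them,
// plus one that differs inside the first 72 bytes.
$common  = str_repeat('A', 72);
$stored  = $common . '-first-suffix';
$other   = $common . '-second-suffix';
$differs = str_repeat('A', 71) . 'B-first-suffix';

// The same input hashed under two different salts.
$hashA = crypt($stored, '$2y$04$' . SALT_A);
$hashB = crypt($stored, '$2y$04$' . SALT_B);

$report = [
    'hashes under salt A and salt B are identical' => $hashA === $hashB,
    'other input verifies against hash A'          => verifies($other, $hashA),
    'other input verifies against hash B'          => verifies($other, $hashB),
    'input differing at byte 72 verifies (hash A)' => verifies($differs, $hashA),
];
foreach ($report as $label => $result) {
    printf("%-46s %s\n", $label, $result ? 'yes' : 'no');
}
```

Where inputs longer than 72 bytes must stay distinguishable, the usual mitigations are to reject over-long input before hashing or to use a scheme without this limit.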