Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:85599
Return-Path: <cmbecker69@gmx.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 70192 invoked from network); 31 Mar 2015 19:32:53 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 31 Mar 2015 19:32:53 -0000
Authentication-Results: pb1.pair.com smtp.mail=cmbecker69@gmx.de; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=cmbecker69@gmx.de; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmx.de designates 212.227.17.22 as permitted sender)
X-PHP-List-Original-Sender: cmbecker69@gmx.de
X-Host-Fingerprint: 212.227.17.22 mout.gmx.net  
Received: from [212.227.17.22] ([212.227.17.22:49657] helo=mout.gmx.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 97/62-54064-366FA155 for <internals@lists.php.net>; Tue, 31 Mar 2015 14:32:52 -0500
Received: from [192.168.0.101] ([88.134.68.210]) by mail.gmx.com (mrgmx102)
 with ESMTPSA (Nemesis) id 0LcVOE-1ZLOoL1oBy-00joCW; Tue, 31 Mar 2015 21:32:47
 +0200
Message-ID: <551AF662.3070008@gmx.de>
Date: Tue, 31 Mar 2015 21:32:50 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Nicolas Oelgart <nicoswd@gmail.com>, 
 "internals@lists.php.net" <internals@lists.php.net>
References: <CAAyV7nGRU6J=-VRJ48=U4wNgE9vpk2k3fvz9MLnC2-VoCsyGRw@mail.gmail.com> <0CB1052E-0245-406D-8CF0-83E0D75CD049@gmail.com>
In-Reply-To: <0CB1052E-0245-406D-8CF0-83E0D75CD049@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Provags-ID:  V03:K0:UxjanseqPnwxHX24hBzXISeuYMT0zrNUGNdm5OTtMc++tG86ZAu
 wfi4fe2kPd/Qk35IMrvO4UKIfrsjyUH7f8r6T1TU1O/CWy0sPA8z0irTvNGnYIfllqg9H+N
 lYkJOba4jYRKoS8OholtzRBiC3o4YUODbDyqy0+BTuHBlNJNm6bP6TKjwcm6+hJzELxMl1I
 AbBb+SZNR11Ifp+TJMwOQ==
X-UI-Out-Filterresults: notjunk:1;
Subject: Re: [PHP-DEV] password_hash() deprecate salt option - thoughts?
From: cmbecker69@gmx.de (Christoph Becker)

Nicolas Oelgart wrote:

>> On 31 Mar 2015, at 20:49, Anthony Ferrara <ircmaxell@gmail.com> wrote:
>>
>> So I'd like to hear your thoughts about raising E_DEPRECATED when the
>> salt option is specified in 7.0, with ultimately removing the option
>> in a later version.
> 
> +1
> 
> I'd even go as far as adding a big red warning about custom salts to the manual page. 

FWIW, there is already the following note:

| Caution It is strongly recommended that you do not generate your own
| salt for this function. It will create a secure salt automatically
| for you if you do not specify one.

-- 
Christoph M. Becker