There's been no further discussion about password digest registry
after the initial post on 15 Oct despite a reminder post a week later,
so I'm going to go ahead and move the RFC into voting.
https://wiki.php.net/rfc/password_registry
Reminder that this RFC is mostly non user facing, it just provides
mechanisms for extensions to register hashing handlers for the
password_*() functions. The primary user-facing effect of this is
that password scheme identifiers have changed. There is a secondary
question on the RFC to address the BC impact of this.
-Sara
Reminder that this RFC is mostly non user facing, it just provides
mechanisms for extensions to register hashing handlers for the
password_*() functions. The primary user-facing effect of this is
that password scheme identifiers have changed. There is a secondary
question on the RFC to address the BC impact of this.
If we overload password_hash() and password_needs_rehash() to also
accept integers as $algo, shouldn't passing ints be deprecated right away?
--
Christoph M. Becker
Reminder that this RFC is mostly non user facing, it just provides
mechanisms for extensions to register hashing handlers for the
password_*() functions. The primary user-facing effect of this is
that password scheme identifiers have changed. There is a secondary
question on the RFC to address the BC impact of this.If we overload
password_hash()andpassword_needs_rehash()to also
accept integers as $algo, shouldn't passing ints be deprecated right away?
I would take the deprecation notice as a given, but yeah I'll add that
to the text.
-Sara