Hello all,
I've written up a quick draft version of an RFC for pull request 105
( https://github.com/php/php-src/pull/105 ), to add hash_pbkdf2() to the
core implementation. Please give it a look and provide some feedback,
so that this can move into discussion as a more defined proposal.
https://wiki.php.net/rfc/hash_pbkdf2
Thanks,
Anthony
Hi, Anthony
I personally would rename the 2nd parameter to $data as this function is
not only meant for creating secure hashes from passwords.
Bye
Simon
On Thu, Jun 14, 2012 at 4:00 AM, Anthony Ferrara ircmaxell@gmail.com wrote:
Hello all,
I've written up a quick draft version of an RFC for pull request 105
( https://github.com/php/php-src/pull/105 ), to add hash_pbkdf2() to the
core implementation. Please give it a look and provide some feedback,
so that this can move into discussion as a more defined proposal.
https://wiki.php.net/rfc/hash_pbkdf2
Thanks,
Anthony
Simon,
I personally would rename the 2nd parameter to $data as this function is not
only meant for creating secure hashes from passwords.
Well, I understand your sentiment. But PBKDF stands for Password Based
Key Derivation Function. Even the spec calls that parameter password:
   PBKDF2 (P, S, c, dkLen)

   Options:   PRF     underlying pseudorandom function (hLen
                      denotes the length in octets of the
                      pseudorandom function output)

   Input:     P       password, an octet string
              S       salt, an octet string
              c       iteration count, a positive integer
              dkLen   intended length in octets of the derived
                      key, a positive integer, at most
                      (2^32 - 1) * hLen

   Output:    DK      derived key, a dkLen-octet string
So in this case, I feel calling the parameter "password" is justified...
Thanks,
Anthony
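
The PBKDF2 definition quoted in the last message, written out in PHP with the spec's parameter names, as an added example that is not part of the thread or of pull request 105. pbkdf2_from_spec() is a hypothetical helper, HMAC is assumed as the PRF, and the check values are the RFC 6070 test vectors for PBKDF2-HMAC-SHA1. It shows where P ends up: as the HMAC key of every PRF call.

```php
<?php
// Added example: PBKDF2 with the spec's names P, S, c, dkLen.
// pbkdf2_from_spec() is a hypothetical helper, not the code from pull request 105.
function pbkdf2_from_spec(string $prf, string $P, string $S, int $c, int $dkLen): string
{
    if ($c < 1 || $dkLen < 1) {
        throw new InvalidArgumentException('c and dkLen must be positive integers');
    }
    // hLen: output length in octets of the PRF (HMAC over $prf).
    $hLen = strlen(hash_hmac($prf, '', '', true));
    // Bound from the spec: dkLen is at most (2^32 - 1) * hLen.
    if ($dkLen > 0xFFFFFFFF * $hLen) {
        throw new InvalidArgumentException('derived key too long');
    }
    $blocks = intdiv($dkLen + $hLen - 1, $hLen);
    $DK = '';
    for ($i = 1; $i <= $blocks; $i++) {
        // U_1 = PRF(P, S || INT(i)); INT(i) is the 4-octet big-endian block index.
        $U = hash_hmac($prf, $S . pack('N', $i), $P, true);
        $T = $U;
        for ($j = 2; $j <= $c; $j++) {
            // U_j = PRF(P, U_{j-1}); T_i is the XOR of U_1 .. U_c.
            $U = hash_hmac($prf, $U, $P, true);
            $T ^= $U;
        }
        $DK .= $T;
    }
    // DK is the first dkLen octets of T_1 || T_2 || ...
    return substr($DK, 0, $dkLen);
}

// RFC 6070 vectors: P = "password", S = "salt", dkLen = 20, keyed by c.
$vectors = [
    1    => '0c60c80f961f0e71f3a9b524af6012062fe037a6',
    2    => 'ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957',
    4096 => '4b007901b765489abead49d926f721d065a429c1',
];
foreach ($vectors as $c => $expected) {
    $dk = bin2hex(pbkdf2_from_spec('sha1', 'password', 'salt', $c, 20));
    echo 'c=', $c, ' ', hash_equals($expected, $dk) ? 'ok' : 'MISMATCH', "\n";
}
```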