[PHP-DEV] Password_hash salt generation refactor

2015-10-18 Thread Anthony Ferrara
All,

With PHP 7 comes random_bytes and random_int. This duplicates some of the logic internally that password_hash uses to generate its salt.

I would like to refactor this to unify generation. I've opened a PR against master: https://github.com/php/php-src/pull/1585

I don't feel comfortable

Re: [PHP-DEV] Password_hash salt generation refactor

2015-10-18 Thread Sherif Ramadan
If I'm understanding this correctly, this change doesn't affect actual behavior, right? It's just taking advantage of reusing code for random_bytes / random_int? If that is true I don't think it much matters whether the change goes through 7.0 or 7.1 since it has no real end-user impact. On

Re: [PHP-DEV] Password_hash salt generation refactor

2015-10-18 Thread Korvin Szanto
+1 for 7.0.x security patch release, best effort sounds scary.

On Sun, Oct 18, 2015 at 4:01 PM Anthony Ferrara wrote:
> All,
>
> With PHP 7 comes random_bytes and random_int. This duplicates some of
> the logic internally that password_hash uses to generate its salt.
>
> I

Re: [PHP-DEV] Password_hash salt generation refactor

2015-10-18 Thread Stanislav Malyshev
Hi!

> With PHP 7 comes random_bytes and random_int. This duplicates some of
> the logic internally that password_hash uses to generate its salt.
>
> I would like to refactor this to unify generation. I've opened a PR
> against master: https://github.com/php/php-src/pull/1585
>
> I don't feel