All,
With PHP 7 comes random_bytes and random_int. This duplicates some of
the logic internally that password_hash uses to generate its salt.
I would like to refactor this to unify generation. I've opened a PR
against master: https://github.com/php/php-src/pull/1585
I don't feel comfortable
If I'm understanding this correctly, this change doesn't affect actual
behavior, right? It's just taking advantage of reusing code for
random_bytes / random_int?
If that is true I don't think it much matters whether the change goes
through 7.0 or 7.1 since it has no real end-user impact.
On
+1 for 7.0.x security patch release, best effort sounds scary.
On Sun, Oct 18, 2015 at 4:01 PM Anthony Ferrara wrote:
> All,
>
> With PHP 7 comes random_bytes and random_int. This duplicates some of
> the logic internally that password_hash uses to generate its salt.
>
> I
Hi!
> With PHP 7 comes random_bytes and random_int. This duplicates some of
> the logic internally that password_hash uses to generate its salt.
>
> I would like to refactor this to unify generation. I've opened a PR
> against master: https://github.com/php/php-src/pull/1585
>
> I don't feel