hi Anthony, Adding Alex to the loop as his insight will be unvaluable in this thread.
On Sat, Jun 16, 2012 at 2:41 PM, Anthony Ferrara <[email protected]> wrote: >> This userland library already solves all the issues you outlined with >> bcrypt: http://www.openwall.com/phpass/ > > That library is not without its issues. For example, if you ask for a > portable hash, it gives you a custom algorithm instead of bcrypt. > That's because the library is php4 compatible. So for modern versions > of PHP (5.3+), it produces an unnecessarily weak hash. Because it was exciting before. However the point here is not the implementation but the APIs. To be honest I am not a big fan of providing such an API in the core as no matter the default implementation, it will become obsolete soon or later. And changing the default brings its lot of issues and BC problems. That being said, it seems that we may not have the choice anyway so having a well designed and implemented API for password (and related or similar areas) generations may be a good thing. Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
