On Sun, 9 Feb 2025 at 20:58, Rob Landers <rob@bottled.codes> wrote:

> I fully agree with you; however, it is also the default password hashing
> algorithm. People may not read the docs and assume a generic implementation
> that isn't constrained. Since it is the default and has constraints, we
> should probably at least warn people when they are using it wrong. They can
> then do whatever they want (ignore it, migrate to a different hashing
> algorithm, turn it into an exception, or adjust their inputs).
My point is that passing a password longer than 72 bytes to password_hash is not wrong. The bcrypt algorithm will work fine and just ignore the unnecessary bytes. It is perfectly normal to let users provide longer passwords and pass them to password_hash unrestricted.

What is wrong is when people use password_hash for non-password-related stuff, like in the linked article. The problem wasn't that password_hash didn't warn them, but that they prepended the password with non-password information. I expect an oven to cook a chicken, but if I first fill the oven with water, I'd be insane to expect it to work the same way.
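The two behaviours discussed in this thread, as an added PHP example that is not part of the original messages: bcrypt's 72-byte limit is harmless for a plain long password, but becomes a problem once non-password data is prepended. The passwords and the `userid-` prefix are constructed sample values, and `bcryptTruncates()` is a hypothetical helper, not a PHP built-in.

```php
<?php
// Added example illustrating bcrypt's 72-byte input limit as seen through
// PHP's password_hash() / password_verify(). Not code from the thread.

// Constructed 80-byte password: 72 'a' bytes followed by 8 'b' bytes.
$long = str_repeat('a', 72) . str_repeat('b', 8);
$hash = password_hash($long, PASSWORD_BCRYPT);

// Case 1: a plain long password. bcrypt hashes only the first 72 bytes, so
// a candidate with a different tail still verifies against the same hash.
// This is the "works fine, ignores the unnecessary bytes" behaviour: the
// first 72 bytes are still a full-strength secret.
$sameHead = str_repeat('a', 72) . 'ZZZZZZZZ';
$tailIgnored = password_verify($sameHead, $hash);

// Changing a single byte inside the first 72 bytes does break verification.
$changedHead = str_repeat('a', 71) . 'X' . str_repeat('b', 8);
$headChecked = password_verify($changedHead, $hash);

// Case 2: the harmful pattern from the linked article. A constructed
// non-secret prefix (11 * 7 = 77 bytes) is prepended to the real password.
// The prefix alone exceeds 72 bytes, so the password never reaches bcrypt
// and any password verifies for that prefix.
$prefix = str_repeat('userid-', 11);
$prefixedHash = password_hash($prefix . 'correct horse', PASSWORD_BCRYPT);
$anyPasswordAccepted = password_verify($prefix . 'wrong password', $prefixedHash);

// Defensive check (hypothetical helper): flag inputs bcrypt would truncate.
// strlen() is used deliberately because the limit is in bytes, not characters,
// so multibyte UTF-8 passwords hit it sooner than their character count suggests.
function bcryptTruncates(string $password): bool
{
    return strlen($password) > 72;
}

printf("tail ignored: %s\n", var_export($tailIgnored, true));
printf("head change detected: %s\n", var_export(!$headChecked, true));
printf("prefix swallows password: %s\n", var_export($anyPasswordAccepted, true));
printf("plain 80-byte password truncated: %s\n", var_export(bcryptTruncates($long), true));
printf("prefix+password truncated: %s\n", var_export(bcryptTruncates($prefix . 'correct horse'), true));
```

The check is only useful as a warning about inputs that mix in non-password data; for a plain long user password the truncation costs nothing, which is the point made above.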