On 27/06/12 18:13, Pierre Joye wrote: > Changing default value forces code change if you have to keep a given > hash, for one obvious side effect. > > If you disagree or does not like the idea, that's all fine, but you > can't really say that it is not an argument (nothing to justify, this > is a draft and it is being discussed). > > Cheers, Precisely the point of such constant is to allow the applications to magically change to use more secure hashes, without needing to parform a recursive sed in the codebase to change HASH_SHA2015 with HASH_SHA2048. If you want to be in precise control of the actual hash used in a newer version (such as an hereogeneous deployment), you could set it to the lower denominator in php.ini.
Obviously, any such bump -which I would expect to happen on major releases- would hold an entry in the NEWS file explaining that PASSWORD_DEFAULT_HASH is now md5 by default instead of crc32 (still, I would expect a new hash to have been available on several releases -they could easily be added on minor ones- before becoming the PASSWORD_DEFAULT_HASH). Remember that the goal was to make the next-generation password hasing api. An (almost) foolproof way to make the applications secure. If you expect them to timely realise the problems of md5() and go back to change all their functions, you will replace the current function with password_hash('password', SILLY_HASH, ...). Developers with higher security knowledge (few of them, you'd almost need to be a cryptographer yourself) can use the advanced parameters to tweak it to their needs. Regards -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php