Hi! > A user requested that crypt() should raise error without 2nd(slat) > parameter. > > https://bugs.php.net/bug.php?id=55036 > > crypt() without salt generates extremely weak password hash. In addition to > this,
I see that when I run crypt with one parameter, it generates salted password hash. I imagine since on many systems it will produce md5-based hash which is no longer considered adequate for many applications, it may be not the best way to use it, but I don't see how it is an error to do it. I'd rather have crypt() use stronger hash by default or maybe have parameter that sets which hash is being used. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
