On 16 Jul 2014, at 01:46, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > - Developer may use larger rounds and store updated hash when > user is authenticated with old PHP. > - Developer may ask users to reset password if password hash has > to fewer rounds than 1000 (i.e. outdated hash) with new PHP.
Wait, doesn’t that mean you’re unable to verify passwords now? -- Andrea Faulds http://ajf.me/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
