On Tue, Dec 23, 2014 at 9:12 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Hi, > > On Wed, Dec 24, 2014 at 4:51 AM, Pierre Joye <pierre....@gmail.com> wrote: > > > This issue has been reported earlier on secur...@php.net and is being > > discussed and analyzed. It is not a simple task. > > > > If we are not going to use other hash (i.e. half MD4 like other langs), how > about > add max allowed collisions? It would be simple and fast enough. I'm not > looking > at the code, so I could be wrong. > > Regards, > > -- > Yasuo Ohgaki > yohg...@ohgaki.net > I think it would be nice also keeping the hash replacement on the table, otherwise we will just continue the current trend (to fix/work around the immediate problem, only to resurface later in a different form). -- Ferenc Kovács @Tyr43l - http://tyrael.hu
