On Jul 19, 2014 11:45 AM, "Yasuo Ohgaki" wrote:
>
> Hi Nikita,
>
> On Sat, Jul 19, 2014 at 2:46 PM, Nikita Popov
wrote:
>
> > I'm against adding this notice to password_hash. This will require all
> > applications to ensure that passwords are shorter than 72 chars. I don't
> > think that's a good
Hi Nikita,
On Sat, Jul 19, 2014 at 2:46 PM, Nikita Popov wrote:
> I'm against adding this notice to password_hash. This will require all
> applications to ensure that passwords are shorter than 72 chars. I don't
> think that's a good idea.
Generally speaking, it would not be serious issue. 72
On Sat, Jul 19, 2014 at 4:15 AM, Yasuo Ohgaki wrote:
> Hi all,
>
> On Wed, Jul 16, 2014 at 9:46 AM, Yasuo Ohgaki wrote:
>
> > crypt() has BC issue with older systems.
> >
> > https://bugs.php.net/bug.php?id=62372&edit=1
> >
> > The reason rounds became 1000 from 10 is hardcoded lower limit for n
Hi all,
On Wed, Jul 16, 2014 at 9:46 AM, Yasuo Ohgaki wrote:
> crypt() has BC issue with older systems.
>
> https://bugs.php.net/bug.php?id=62372&edit=1
>
> The reason rounds became 1000 from 10 is hardcoded lower limit for newer
> PHPs.
> Generally speaking, developer should never use less than
