Hi
in response to the recent "PASSWORD_DEFAULT value" thread [1], I've
created an RFC to discuss an increase of the default BCrypt costs for
`password_hash()` from the current value of 10.
https://wiki.php.net/rfc/bcrypt_cost_2023
This message is intended to officially open the discussion
On 7 Sep 2023, at 18:26, Tim Düsterhus wrote:
> in response to the recent "PASSWORD_DEFAULT value" thread [1], I've created
> an RFC to discuss an increase of the default BCrypt costs for
> `password_hash()` from the current value of 10.
>
> https://wiki.php.net/rfc/bcrypt_cost_2023
Thanks
Hi Tim
On 07/09/2023 19:26, Tim Düsterhus wrote:
> Hi
>
> in response to the recent "PASSWORD_DEFAULT value" thread [1], I've created
> an RFC to discuss an increase of the default BCrypt costs for
> `password_hash()` from the current value of 10.
>
> https://wiki.php.net/rfc/bcrypt_cost_2023
Hi
On 9/7/23 20:05, Niels Dossche wrote:
> I just noticed one small detail.
> From the RFC text: "All tests were carried out using wall-power." I guess you
> mean wall-time?
No, this means that the laptops whose CPUs were tested were plugged
into the wall :-)
I've added a parenthesis
Hi
On 9/6/23 21:33, Vinicius Dias wrote:
> This is very interesting. It's the first time I see recommendations
> pro Bcrypt and against Argon2. Even OWASP recommends Argon2 over
> Bcrypt [1].
> I am not a cryptography expert so I believe that if there is a
> discussion of which one is better PHP
On Sun, Sep 3, 2023 at 5:51 AM Alexandru Pătrănescu
wrote:
> Hi!
>
> On Sun, Sep 3, 2023 at 3:14 PM Tim Düsterhus wrote:
>
> >
> > The RFC already has a section with regard to naming:
> >
> > > Why not the names PHP_ROUND_UP and PHP_ROUND_DOWN
> >
> > I generally agree with the