Hi everybody,
I was on the brink of celebrating the one-year anniversary of a patch I
submitted being open, but today it was finally merged!
https://gerrit.wikimedia.org/r/77645
The old User::comparePasswords() and User::crypt() functions have been replaced
with a new password hashing API.
Thank you. Out of curiosity, why bcrypt and not scrypt? There is debate in
the security community about which is better so my comment isn't intended
as criticism. I'm just interested in the thinking behind this decision.
Thanks,
Pine
On Jul 28, 2014 1:35 PM, Tyler Romeo tylerro...@gmail.com
On Mon, Jul 28, 2014 at 5:24 PM, Pine W wiki.p...@gmail.com wrote:
Thank you. Out of curiosity, why bcrypt and not scrypt? There is debate in
the security community about which is better so my comment isn't intended
as criticism. I'm just interested in the thinking behind this decision.
It
- Original Message -
From: Tyler Romeo tylerro...@gmail.com
It is a matter of stability in PHP. Bcrypt has built-in support in PHP, as
does PBKDF2, whereas scrypt requires an extension. It should be noted,
however, that the patch that was merged implements an extensible password
API,