Sent from my iPhone 在 2012-3-18,13:57,Tjerk Anne Meesters <datib...@php.net> 写道:
> On Sun, Mar 18, 2012 at 8:12 AM, Stas Malyshev <smalys...@sugarcrm.com> wrote: >> Obvious solution would be to use a salt for the hash, which prevents blind >> pre-computing of hash collisions. However, due to the fact that PHP hash >> values can be reused in different processes by bytecode caches, implementing >> it properly is not trivial. > > What if php uses salts for specific hashes only, such as GPC (or all > hashes whose lifetime is limited to the current reuqest), and use a > zero-value salt for all others? definitely no,thinking of pre-calculated hash. Or Ajax which use json_decode parse input json. IMO, this Make no sense but mess things up. Thanks > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php