On 14.06.2012, at 1:31, Nikita Popov wrote: > So, wouldn't it be better if PHP provided an easy to use API for > secure password hashes natively? So you just have to call a single > function, which magically handles everything for you (like salt > generation). > > A simple sample API could be two functions password_hash($password) > and password_hash_verify($password, $hash). But it could just as well > be a fancy, extensible OOP API.
I guess SCrypt binding could be implemented. http://www.tarsnap.com/scrypt.html That's the best available option at the moment. http://stackoverflow.com/questions/1226513/whats-the-advantage-of-scrypt-over-bcrypt It is BSD-licensed, so we can easily bundle it with PHP For the reference, here's the Python binding: https://bitbucket.org/mhallin/py-scrypt/src -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
