On 18.06.2012, at 1:54, Pierre Joye wrote: >> I guess SCrypt binding could be implemented. >> http://www.tarsnap.com/scrypt.html > > Using yet another dependency for that? Not good.
That's easier and safer than implementing this on our own. > >> That's the best available option at the moment. >> http://stackoverflow.com/questions/1226513/whats-the-advantage-of-scrypt-over-bcrypt > > This post says the exact opposite, just saying :) The post says, that SCrypt is better, because it is way harder to solve. Bcrypt requires a lot of CPU, but SCrypt requires a lot of CPU + a lot of RAM >> It is BSD-licensed, so we can easily bundle it with PHP > > Maybe nice to have in pecl.' Sure, that's an option, but pecl won't help php to have default "state-of-art" password hashing toolset ;) -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php