Pierre,

> There is sadly only state-of-art-right-now password hashing methods.
> We have to keep that in mind :)

That's why the crypt() return format was designed. All of the options that are needed to validate the hash (algorithm, cost parameter, salt, etc.) are fit right into the outputted string.

I'd suggest that's what's done here. In fact, I'd make the functions just a thin wrapper around crypt(). Basically, just where it sets sane defaults that we can update every minor (or major) release (to compensate for faster servers). It handles salt generation, error checking, etc.

Here's what I have in mind in PHP: https://gist.github.com/2949382

Anthony

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
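The thin-wrapper idea in the message above, as an added example that is not part of the original post and is not the code in the linked gist. The function names, the choice of bcrypt (`$2y$`) and the default cost of 10 are assumptions made for illustration; the rehash check shows why a default can be raised later without breaking stored hashes.

```php
<?php
// Added example: names and DEFAULT_COST are hypothetical, not from the gist.
const DEFAULT_COST = 10; // assumed default; the value a later release would raise

function example_hash(string $password, int $cost = DEFAULT_COST): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    // 16 random bytes -> 22 characters of bcrypt's ./A-Za-z0-9 alphabet
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    // On failure crypt() returns a short marker, not a 60-character hash.
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('crypt() failed');
    }
    return $hash;
}

function example_verify(string $password, string $hash): bool
{
    // The stored string is passed back as the salt argument: crypt() reads
    // the algorithm, cost and salt out of it, so no extra columns are needed.
    $check = crypt($password, $hash);
    return is_string($check) && hash_equals($hash, $check);
}

function example_needs_rehash(string $hash, int $cost = DEFAULT_COST): bool
{
    // Parse the self-describing prefix: $2y$<cost>$<22 salt + 31 digest chars>
    if (!preg_match('/^\$2y\$(\d{2})\$[.\/A-Za-z0-9]{53}$/', $hash, $m)) {
        return true; // other algorithm or malformed: re-hash at next login
    }
    return (int) $m[1] < $cost;
}

// Constructed sample password; a hash made at cost 10 still verifies after
// the default is raised, and is flagged for upgrade at the next login.
$stored = example_hash('correct horse battery staple');
var_dump(example_verify('correct horse battery staple', $stored));
var_dump(example_verify('wrong guess', $stored));
var_dump(example_needs_rehash($stored, 12));
```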
