Hello again,

I have put together a quick proof-of-concept for the password API.

C:

https://github.com/ircmaxell/php-src/blob/hash_password/ext/standard/password.c

PHP (Implemented as a backwards-compatibility layer, so 5.3/5.4 users
can use the API earlier):

https://github.com/ircmaxell/password_compat/blob/master/lib/password.php

It needs some work before it's ready for an RFC, but it works as intended.

Right now, it defines 3 functions:

password_create($password, $algo = PASSWORD_DEFAULT, array $options = array())
password_verify($password, $hash)
password_make_salt($length, $raw_output = false)

Some of the things I want to change include the ability to set the
default bcrypt and sha* cost/round parameters via a php.ini setting
(right now, it's just a C constant). I also want to refactor it a bit
to clean it up. I also need to test it out fully... I also don't care
for the amount of PHP function calls it makes
(zend_call_method_with_n_params). But that may be ok, given the

What do you think so far?

Anthony

On Wed, Jun 20, 2012 at 6:05 AM, Anthony Ferrara <ircmax...@gmail.com> wrote:
> Angel,
>
>> I don't think the code is the most appropriate one, but I suppose that's
>> not a final proposal.
>
> Correct, it was just to fill out the interface a bit so that people
> could play with it and see how the interface worked...
>
>> The interfaces look good to me.
>> I'd maybe set the default $algo to PASSWORD_DEFAULT_HASH or similar,
>> being a value bumped on each next revision.
>
> Yeah, that's a good idea. Makes it easier to update without changing
> the interface.
>
>> I would consider preferable to have the $ of password_register_algo prefix
>> implicit.
>
> That's fair.
>
> Thanks,
>
> Anthony

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
