On Tue Jul 31 12:21 PM, Anthony Ferrara wrote:
> Jonathan,
>
> Again, implementing something in the core that's not verified and
> can't be implemented well by the vast majority of developers out
> there.

Alright so I found some people supporting my claims:
http://blog.mozilla.org/webappsec/2011/05/10/sha-512-w-per-user-salts-is-not-enough/
http://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/

It looks like Mozilla is using what you suggested. To be honest, I don't quite understand the difference between:

a) password_hash_rfc( hash_hmac('sha-512', 'password', '1024-bytes secret') );
b) password_hash_rfc('password' . '1024-bytes secret' );

It seems to me that (b) would be more computationally expensive to break since you have more bytes in a slower algo.

Interestingly enough, there was a proposal for MD6 to be a keyed hash (with pepper):
http://people.csail.mit.edu/rivest/pubs/RABCx08.pdf (3.5 A keyed hash function)

There does seem to be some research on keyed hash functions here (4.2 MAC construction):
http://research.microsoft.com/pubs/64588/hash_survey.pdf
But this use case has nothing to do with securing passwords SHA1(k||M)

I guess my final point is a lot of code out there already does hash passwords with a secret key; it would be nice to have that facility in PHP core.

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
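
Constructions (a) and (b) from the message above, side by side, as an added example that is not part of the original post or of the RFC's code. It assumes PHP's `password_hash()` with `PASSWORD_BCRYPT` in place of `password_hash_rfc()`; the helper names and sample secrets are constructed for illustration.

```php
<?php
// Added example. Assumption: PHP's password_hash() with PASSWORD_BCRYPT stands in
// for password_hash_rfc(). Secrets are constructed sample values, hex-encoded so
// they contain no NUL bytes.

// (a) HMAC the password under the secret, then give the digest to the slow hash.
// The hex SHA-512 digest is 128 characters; bcrypt reads its first 72, and each
// of those depends on every byte of both the password and the secret.
function hash_a(string $password, string $secret): string {
    return password_hash(hash_hmac('sha512', $password, $secret), PASSWORD_BCRYPT);
}
function verify_a(string $password, string $secret, string $stored): bool {
    return password_verify(hash_hmac('sha512', $password, $secret), $stored);
}

// (b) Concatenate and hash. bcrypt reads only the first 72 bytes of its input,
// so everything past that offset is never hashed.
function hash_b(string $password, string $secret): string {
    return password_hash($password . $secret, PASSWORD_BCRYPT);
}
function verify_b(string $password, string $secret, string $stored): bool {
    return password_verify($password . $secret, $stored);
}

$secret = bin2hex(random_bytes(512));                          // 1024-byte secret
$other  = substr($secret, 0, 64) . bin2hex(random_bytes(480)); // shares only the first 64 bytes
$long   = str_repeat('correct horse battery staple ', 3);      // 87-byte passphrase

$storedA    = hash_a('password', $secret);
$storedB    = hash_b('password', $secret);
$storedLong = hash_b($long, $secret);

$checks = [
    '(a) original secret'                 => verify_a('password', $secret, $storedA),
    '(a) secret altered after byte 64'    => verify_a('password', $other, $storedA),
    '(b) original secret'                 => verify_b('password', $secret, $storedB),
    '(b) secret altered after byte 64'    => verify_b('password', $other, $storedB),
    '(b) long passphrase, secret omitted' => verify_b($long, '', $storedLong),
];
foreach ($checks as $label => $accepted) {
    printf("%-38s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}
```

Under (b) the last two checks are accepted, because 'password' plus 64 secret bytes already fill bcrypt's 72-byte input and an 87-byte passphrase leaves no room for the secret at all; under (a) the altered secret is rejected.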