Hi!
> With PHP 7 comes random_bytes and random_int. This duplicates some of
> the logic internally that password_hash uses to generate its salt.
>
> I would like to refactor this to unify generation. I've opened a PR
> against master: https://github.com/php/php-src/pull/1585
>
> I don't feel com
On 19/10/15 00:59, Anthony Ferrara wrote:
I don't feel comfortable pulling against 7 this far into RC status.
Perhaps wait until after it goes gold? Or should this target 7.1? It's
not a big deal in either direction. Though it does add a side-effect,
where if it can't gather enough entropy it wil
If I'm understanding this correctly, this change doesn't effect actual
behavior, right? It's just taking advantage of reusing code for
random_bytes / random_int ?
If that is true I don't think it much matters whether the change goes
through 7.0 or 7.1 since it has no real end-user impact.
On Sun,
+1 for 7.0.x security patch release, best effort sounds scary.
On Sun, Oct 18, 2015 at 4:01 PM Anthony Ferrara wrote:
> All,
>
> With PHP 7 comes random_bytes and random_int. This duplicates some of
> the logic internally that password_hash uses to generate its salt.
>
> I would like to refactor
All,
With PHP 7 comes random_bytes and random_int. This duplicates some of
the logic internally that password_hash uses to generate its salt.
I would like to refactor this to unify generation. I've opened a PR
against master: https://github.com/php/php-src/pull/1585
I don't feel comfortable pull
