https://bugzilla.wikimedia.org/show_bug.cgi?id=28419
--- Comment #31 from Tyler Romeo <tylerro...@gmail.com> 2012-03-30 22:55:35 UTC --- What I'm saying is that the complicated system you're using is entirely useless and unnecessary. A password hashing algorithm should only need one singular function, crypt(), that takes a password and options and returns a hash. Introducing cryptParams() and an entirely static class that serves the sole purpose of registering other classes is not only unnecessary but confusing. All you need is one password class that abstracts the functionality of hashing and comparing passwords, and then have a hook for registering password functions. Why have an entire class with four functions (three of which being unnecessary) when you can just use one and not have a complicated system of objects and inheritance. (Also, there should not be "preferred formats" for the individual hashing algorithms. A site administrator will choose which password scheme he or she wants and that will be considered the "current format". Different people have different ideas on the security they want.) -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
