https://bugzilla.wikimedia.org/show_bug.cgi?id=28419

--- Comment #62 from Daniel Friesen <mediawiki-b...@nadir-seen-fire.com> 
2012-08-06 04:52:15 UTC ---
(In reply to comment #60)
> Except it would be preferable to use scrypt over PBKDF2, so we should look to
> try and find a platform-independent solution for implementing scrypt in MW.

Have you tried reading scrypt?

Firstly, scrypt actually uses pbkdf2 inside of its algorithm. So even if we did
try writing a scrypt implementation in php, the fact that we have hash_pbkdf2
coming out in 5.5.0 is still a good thing.

However, after that I looked deeper into scrypt. One of the things scrypt uses
in its algorithm is an algorithm they call smix, which uses a combination of
the ROMix algorithm, BlockMix algorithm, and they use Salsa20/8 for the hash
algorithm.

Now, if the person trying to implement scrypt in php at this point hasn't
already burnt out from the mere thought of having to implement all these
algorithms in php by themselves, I'll have to point something else out. The
salsa20 hash algorithm was removed from php in 5.4.

With all that on the table I have a feeling that it is impossible to write a
properly efficient platform-independent version of scrypt in php. Certainly not
something we're going to write.

So while we can hope the unofficial php-scrypt module is correctly written and
people can decide to install that and write a MW implementation that uses it,
we cannot use scrypt as a default until someone accepts that module into php
and starts shipping it.
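
The layering described in the comment above (PBKDF2 wrapped around ROMix, BlockMix and Salsa20/8), as an added example that is not part of the original comment or of MediaWiki. It is written in Python rather than PHP so the output can be checked against a reference scrypt; function and parameter names are this example's own and follow RFC 7914.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
QUARTERS = [(0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),
            (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)]

def _rotl(v, n):
    return ((v << n) & MASK) | ((v & MASK) >> (32 - n))

def _xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def salsa20_8(block):
    """Salsa20/8 core: 4 double rounds (column, then row quarter-rounds) on 16 LE words."""
    x = list(struct.unpack("<16I", block))
    start = x[:]
    for _ in range(4):
        for a, b, c, d in QUARTERS:
            x[b] ^= _rotl(x[a] + x[d], 7)
            x[c] ^= _rotl(x[b] + x[a], 9)
            x[d] ^= _rotl(x[c] + x[b], 13)
            x[a] ^= _rotl(x[d] + x[c], 18)
    return struct.pack("<16I", *((p + q) & MASK for p, q in zip(x, start)))

def blockmix(B, r):
    """BlockMix: chain Salsa20/8 over 2r 64-byte blocks, then emit even blocks before odd."""
    X, Y = B[-64:], []
    for i in range(2 * r):
        X = salsa20_8(_xor(X, B[64 * i:64 * i + 64]))
        Y.append(X)
    return b"".join(Y[0::2] + Y[1::2])

def romix(B, N, r):
    """ROMix: fill a table of N blocks, then read it back in data-dependent order."""
    X, V = B, []
    for _ in range(N):
        V.append(X)
        X = blockmix(X, r)
    for _ in range(N):
        j = int.from_bytes(X[-64:], "little") % N  # Integerify(X) mod N
        X = blockmix(_xor(X, V[j]), r)
    return X

def scrypt(password, salt, N, r, p, dklen):
    """scrypt: PBKDF2 expands the input, ROMix mixes each 128*r chunk, PBKDF2 compresses."""
    B = hashlib.pbkdf2_hmac("sha256", password, salt, 1, p * 128 * r)
    mixed = b"".join(romix(B[i:i + 128 * r], N, r) for i in range(0, len(B), 128 * r))
    return hashlib.pbkdf2_hmac("sha256", password, mixed, 1, dklen)
```

Both PBKDF2 calls use a single iteration; the cost comes from the 2 * N BlockMix passes per chunk and the N-entry table held in memory, which is the part an interpreted implementation pays for most.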
