What PHP 5.5 might look like

July 12, 2012

This is an interesting look into what features could be suggested for PHP 5.5.

A simple API for password hashing

Status: proposed; Responsible: Anthony Ferrara

The recent password leaks (from LinkedIn etc.) have shown that even large websites don’t get how to properly hash passwords. People have been advocating the use of bcrypt for years, but still most people seem to be using completely unsafe sha1 hashes.

We figured that the reason for this might be the really hard-to-use API of the crypt function. Thus we would like to introduce a new, simple API for secure password hashing:

<?php
$password = "foo";

// creating the hash
$hash = password_hash($password, PASSWORD_BCRYPT);

// verifying a password
if (password_verify($password, $hash)) {
    // password correct!
} else {
    // password wrong!
}

The new hashing API comes with a few more features, which are outlined in the RFC.

(via nikic)
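An added example, not taken from the quoted article or the RFC: a login routine that moves accounts off the unsalted sha1 hashes mentioned above and onto bcrypt at the next successful login. It goes beyond the quoted snippet by using `password_needs_rehash()` and `password_get_info()`, which shipped in PHP 5.5 alongside `password_hash()`. The `login()` and `is_legacy_sha1()` helpers, the user arrays and the cost of 12 are assumptions made for illustration; `hash_equals()` and the array constant need PHP 5.6 or later.

```php
<?php
// Added example. Assumption: legacy rows hold a 40-character hex sha1 digest,
// and each $user array stands in for a database row.
const BCRYPT_OPTIONS = ['cost' => 12]; // assumed target work factor

function is_legacy_sha1($stored)
{
    // bcrypt hashes are 60 characters and start with "$2y$", so this cannot match them.
    return strlen($stored) === 40 && ctype_xdigit($stored);
}

function login(array &$user, $password)
{
    $stored = $user['hash'];

    if (is_legacy_sha1($stored)) {
        // Legacy path: constant-time comparison against the old digest.
        if (!hash_equals(strtolower($stored), sha1($password))) {
            return false;
        }
        // The plaintext is only available now, so replace the weak hash immediately.
        $user['hash'] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }

    // A hash created with an older, lower cost is upgraded transparently.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $user['hash'] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    return true;
}

// Constructed sample rows: one legacy sha1 account, one bcrypt account at a low cost.
$alice = ['name' => 'alice', 'hash' => sha1('foo')];
$bob   = ['name' => 'bob',   'hash' => password_hash('bar', PASSWORD_BCRYPT, ['cost' => 4])];

var_dump(login($alice, 'wrong'));                          // rejected, hash left untouched
var_dump(is_legacy_sha1($alice['hash']));                  // still the legacy format
var_dump(login($alice, 'foo'));                            // accepted, hash replaced
var_dump(password_get_info($alice['hash'])['algoName']);   // algorithm of the stored hash
var_dump(login($bob, 'bar'));                              // accepted, cost raised
var_dump(password_get_info($bob['hash'])['options']['cost']);
```

Accounts that never log in again keep their sha1 digest, so a migration like this is usually paired with a forced reset for stale rows.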

 

Gunnard
