On 21/02/2022 16:43, st...@tobtu.com wrote:
If crypt() is removed, you can still use password_verify() to verify all the password hashes created by crypt(). The only thing you lose is creating those bad password hashes. Which can be done in userland because most people aren't changing their passwords daily. So it will run that slow userland code infrequently.
What "slow userland code"? Is there an implementation of the legacy crypt hashing function in pure PHP out there somewhere? I certainly wouldn't be confident writing one.
Regards, -- Rowan Tommins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
