Hi!

On 6/26/11 4:36 PM, Johannes Schlüter wrote:
> If the hash changes everybody who stored encrypted passwords or such using the old format can't verify them anymore.

The change will be only for 8-bit data though.

> My suggestion without looking really deep into these things: Change the default, and add an "old_blowfish" for compatibility and advertise it ... not sure it's the best thing.

We could add some flag, etc. to it to trigger the old behavior - it needs to pass 1 as the last parameter to BF_set_key then. That would probably require some modifications to crypt_blowfish.c as currently php_crypt_blowfish_rn uses the salt to determine the algorithm.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
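The "only for 8-bit data" point and the compatibility flag discussed in this message, as an added example that is not part of the original e-mail and is not code from crypt_blowfish.c or PHP. It is a simplified model of the key-packing step only, assuming the old behavior is sign extension of key bytes; `pack_key_word`, `first_word` and `same_key_material` are hypothetical names, and the sample passwords are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Pack the next four key bytes into one word, cycling over the key and its
 * NUL terminator. legacy != 0 models the old behavior (assumed here to be
 * sign extension): a byte >= 0x80 is widened as a negative value, so its
 * 1-bits overwrite the bytes already packed into the word. */
static uint32_t pack_key_word(const char *key, const char **pos, int legacy)
{
    const char *p = *pos;
    uint32_t word = 0;
    for (int j = 0; j < 4; j++) {
        word <<= 8;
        if (legacy)
            word |= (uint32_t)(int32_t)(signed char)*p;
        else
            word |= (unsigned char)*p;
        p = *p ? p + 1 : key;
    }
    *pos = p;
    return word;
}

static uint32_t first_word(const char *key, int legacy)
{
    const char *pos = key;
    return pack_key_word(key, &pos, legacy);
}

/* Returns 1 when old and new key setup derive identical key words, i.e.
 * a hash stored under the old code would still verify under the new one. */
static int same_key_material(const char *key)
{
    const char *a = key, *b = key;
    for (int i = 0; i < 18; i++) /* Blowfish key setup fills 18 words */
        if (pack_key_word(key, &a, 1) != pack_key_word(key, &b, 0))
            return 0;
    return 1;
}

int main(void)
{
    const char *samples[] = { "abcd", "a\xa3" "bc", "p\xc3\xa4ss" }; /* constructed */
    for (int i = 0; i < 3; i++)
        printf("%d: legacy=%08x fixed=%08x same=%d\n", i, (unsigned)first_word(samples[i], 1),
               (unsigned)first_word(samples[i], 0), same_key_material(samples[i]));
    return 0;
}
```

Pure 7-bit passwords produce the same key words either way, which is why only hashes of passwords containing 8-bit characters stop verifying once the default changes.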