On 27.06.2011, at 01:55, Stas Malyshev wrote:

> However, it still has a chance somebody's data won't work after the update if
> he had 8-bit data hashed with old crypt(). He would need either to re-hash or
> to change prefix from $2a to $2x.

IMO that's a fair trade-off; people could even implement this in their app code by replacing "$2a" with "$2x" for a transitional period in the hash if the comparison fails (and then simply re-hash the password again with $2a so it's secure).

I'm volunteering to write the necessary code sample for the upgrading notes :p

David
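
The transitional check described in the message above, sketched in PHP as an added example; it is not the code sample offered in the message and not taken from PHP's upgrading notes. The function names and the `$save` callback are hypothetical, `hash_equals()` and `random_bytes()` assume PHP 5.6+ and 7+, and the high-byte test relies on the quoted point that only 8-bit data is affected.

```php
<?php
// Added example; function and parameter names are hypothetical.

// Build a "$2a$" salt string: 22 characters from bcrypt's ./A-Za-z0-9 alphabet.
function new_2a_salt(int $cost = 10): string
{
    $raw = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return sprintf('$2a$%02d$%s', $cost, $raw);
}

// Returns true when $password matches $stored. $save is called with a fresh
// "$2a$" hash only when the match needed the "$2x$" fallback.
function verify_with_2x_fallback(string $password, string $stored, callable $save): bool
{
    $computed = crypt($password, $stored);
    if (strlen($computed) === 60 && hash_equals($stored, $computed)) {
        return true; // normal path, nothing to migrate
    }

    // Only 8-bit input was hashed differently by the old crypt(), so the
    // fallback is skipped for pure 7-bit passwords and for non-"$2a$" hashes.
    if (strncmp($stored, '$2a$', 4) !== 0 || !preg_match('/[\x80-\xFF]/', $password)) {
        return false;
    }

    $legacy   = '$2x$' . substr($stored, 4); // same cost, salt and digest
    $computed = crypt($password, $legacy);
    if (strlen($computed) !== 60 || !hash_equals($legacy, $computed)) {
        return false;
    }

    // The password is known at this point: store a new "$2a$" hash so the
    // fallback is never needed again for this account.
    $save(crypt($password, new_2a_salt()));
    return true;
}
```

Once no stored hash still depends on the fallback, the `$2x$` branch can be deleted so the transitional period actually ends.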