On Tue, 2011-06-28 at 12:19 +0200, David Zülke wrote:
> On 27.06.2011, at 01:55, Stas Malyshev wrote:
>
> > However, it still has a chance somebody's data won't work after the
> > update if he had 8-bit data hashed with old crypt(). He would need
> > either to re-hash or to change prefix from $2a to $2x.
>
> IMO that's a fair trade-off; people could even implement this in their
> app code by replacing "$2a" with "$2x" for a transitional period in
> the hash if the comparison fails (and then simply re-hash the password
> again with $2a so it's secure). I'm volunteering to write the
> necessary code sample for the upgrading notes :p

if people read it ... what might happen is that people test when
upgrading (yay!) all tests and all work and then 1% of the users or so
can't log in anymore (with a European site for instance where 8-bit
characters might happen ...)

johannes

> David
>
>

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
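
The transitional check David describes above, sketched in PHP as an added example that is not part of the original thread or of PHP's upgrading notes. The function name and the `$store` callback are hypothetical, and it assumes PHP 7 or later for `random_bytes()`.

```php
<?php
// Added illustration: verify_with_2x_fallback() and $store are hypothetical names.

/**
 * Verify a password against a stored bcrypt hash. If a "$2a$" hash fails,
 * retry it as "$2x$" (the old 8-bit handling) and, on a match, re-hash the
 * password with "$2a$" and hand the new hash to $store.
 */
function verify_with_2x_fallback($password, $stored, callable $store)
{
    // Normal path: crypt() re-derives the hash from the stored prefix, cost and salt.
    $check = crypt($password, $stored);
    if (is_string($check) && hash_equals($stored, $check)) {
        return true;
    }

    // Only hashes stored with the "$2a$" prefix are candidates for the fallback.
    if (strncmp($stored, '$2a$', 4) !== 0) {
        return false;
    }

    // Same cost, salt and digest, but with the "$2x$" prefix.
    $legacy = '$2x$' . substr($stored, 4);
    $check  = crypt($password, $legacy);
    if (!is_string($check) || !hash_equals($legacy, $check)) {
        return false; // wrong password under both behaviours
    }

    // Legacy match: re-hash with "$2a$", keeping the cost and using a fresh salt.
    $cost = substr($stored, 4, 2);
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $store(crypt($password, '$2a$' . $cost . '$' . $salt));

    return true;
}
```

The fallback only runs after the normal comparison fails, so users whose hashes never contained 8-bit characters pay no extra cost; counting how often `$store` is called gives a measure of how many accounts were affected.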