hi,

On Wed, Jun 27, 2012 at 2:59 PM, Gustavo Lopes <glo...@nebm.ist.utl.pt> wrote:

> You described why people *may* have to, depending on the circumstances --
> for instance, when interoperability in mixed environments is required. No
> one is saying that relying on a default value is appropriate in those
> circumstances, so this argument misses the mark.

No, it is exactly one example out of many where changing values are a
real pain to deal with over the years. We should not have one.

> If this API existed 10 or more years ago and used MD5 as a default, I don't
> see how it could not be used in a forward compatible manner back then --
> seen from the outside there's nothing different about MD5 or other digest
> method except for different parameters (which can be stored together with
> the salt and the method in the result of password_hash()) and digest size.
> And, unsurprisingly, you have no justification on why it could not be made
> forward compatible.

Changing a default value forces a code change if you have to keep a given
hash, for one obvious side effect.

If you disagree or do not like the idea, that's all fine, but you
can't really say that it is not an argument (nothing to justify, this
is a draft and it is being discussed).

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
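
Added example, not part of the original message or thread: a sketch of the two positions above, written against the password_* functions as they later shipped in PHP 5.5 (the API was still a draft when this message was sent). The helper name check_login, the sample password and the cost values are assumptions made for illustration.

```php
<?php
// Added example; check_login() is a hypothetical helper, and the password
// and cost values below are constructed.

// Returns [authenticated, hashToStore]. hashToStore is non-null only when
// the stored hash no longer matches the wanted algorithm and options.
function check_login($password, $storedHash, $algo, array $options)
{
    // No algorithm argument here: the method, cost and salt are read back
    // from the stored hash string itself, so hashes created under an
    // older default keep verifying after the default changes.
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }

    // Migration happens only at a successful login, when the plaintext
    // is available to be hashed again under the current policy.
    $new = password_needs_rehash($storedHash, $algo, $options)
        ? password_hash($password, $algo, $options)
        : null;

    return [true, $new];
}

// Pinning the algorithm and cost explicitly keeps the hash format fixed
// regardless of what PASSWORD_DEFAULT means in the running PHP version
// (the mixed-environment case discussed in the thread).
$stored = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 8]);

// The parameters recorded inside the hash.
print_r(password_get_info($stored));

// Same policy as when the hash was made: authenticated, nothing to store.
print_r(check_login('correct horse', $stored, PASSWORD_BCRYPT, ['cost' => 8]));

// Policy raised to cost 11: authenticated, plus a new hash to persist.
print_r(check_login('correct horse', $stored, PASSWORD_BCRYPT, ['cost' => 11]));

// Wrong password: rejected, and no rehash is attempted.
print_r(check_login('wrong', $stored, PASSWORD_DEFAULT, []));
```

Code that must keep a given hash format passes the algorithm constant explicitly, as in the first call; code that passes PASSWORD_DEFAULT accepts that newly created hashes may change format between PHP versions while old ones still verify.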
