Hi all,
I just want to throw a quick thought in here:
The password API proposal includes a function called
password_make_salt(), that basically creates a random string, either
in raw binary form, or in the bcrypt salt format. Personally I don't
see much use for the function in the salt context as the password API
already generates the salt all by itself, but I do see a lot of use
for a random string function in general. People commonly want to
create random strings according to some format. Like CSRF tokens, ids,
etc.
So my thought was to drop password_make_salt() and instead add some
kind of generalized random_string() function:
// this is a 20 byte random binary string
$str = random_string(20);
// ten random hex characters
$str = random_string(10, "0123456789ABCDEF");
// 15 characters from the bcrypt alphabet 0-9a-zA-Z./
$str = random_string(15,
"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./");
// if it's not too hard to implement, one could support this kind of shortcut:
$str = random_string(15, "0-9a-zA-Z./");
Thoughts?
Nikita
--
PHP Internals - PHP Runtime Development Mailing List
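
A userland sketch of the random_string() interface proposed above, added here as an example; it is not code from the email or from PHP itself. It assumes PHP 7+ for random_bytes() and random_int(), and expand_alphabet() is a hypothetical helper name.

```php
<?php
// Added illustration: random_string() is the function proposed in the email,
// not a PHP built-in. expand_alphabet() is a hypothetical helper.

/** Expand "0-9a-zA-Z./" style ranges into the full alphabet string. */
function expand_alphabet(string $spec): string
{
    $out = '';
    $n = strlen($spec);
    for ($i = 0; $i < $n; $i++) {
        // "x-y" with x <= y is a range; a "-" at either end stays literal.
        if ($i + 2 < $n && $spec[$i + 1] === '-' && ord($spec[$i]) <= ord($spec[$i + 2])) {
            for ($c = ord($spec[$i]); $c <= ord($spec[$i + 2]); $c++) {
                $out .= chr($c);
            }
            $i += 2;
        } else {
            $out .= $spec[$i];
        }
    }
    return $out;
}

function random_string(int $length, ?string $alphabet = null): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('length must be >= 1');
    }
    if ($alphabet === null) {
        return random_bytes($length); // raw binary, as in the first call
    }
    // Deduplicate: a repeated character would be picked more often.
    $chars = count_chars(expand_alphabet($alphabet), 3);
    $max = strlen($chars) - 1;
    if ($max < 1) {
        throw new InvalidArgumentException('need at least 2 distinct characters');
    }
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() uses the OS CSPRNG and is uniform over [0, $max];
        // ord(random_bytes(1)) % N is biased when N does not divide 256.
        $out .= $chars[random_int(0, $max)];
    }
    return $out;
}

// Calls from the email (output differs on every run):
var_dump(bin2hex(random_string(20)));
var_dump(random_string(10, '0123456789ABCDEF'));
var_dump(random_string(15, '0-9a-zA-Z./'));
```

With the range shortcut enabled, an alphabet that needs a literal "-" has to place it first or last, otherwise it is read as a range.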