Re: [PHP-DEV] crypt() should raise error without 2nd parameter

[Yasuo Ohgaki]

Hi all,

It seems there are 2 options for master branch when crypt()'s 2nd parameter
is omitted.

 - raise E_DEPRECIATED that advice use of stronger salt or password_hash()
       and make 2nd parameter required for future release.
 - make crypt() use stronger default salt/hash w/o error

Since password_hash() is supposed to do better job, first option seems
better to me.

Do I have to setup vote?

Regards,


--
Yasuo Ohgaki
yohg...@ohgaki.net