While I agree that the statement "bcrypt is better than PBKDF2, thus only
bcrypt should be used" is difficult to defend, I think saying "bcrypt is a
homegrown solution, only PBKDF2 is a good way to do it" is also wrong and
OP is opinionated.

IMO - docs should describe alternatives, without statements "X is better
than Y", but we also should include PBKDF2 as an option for password_hash()
- PHP7 is (theoretically, apparently) closed for new features, but we
should target the next possible version. I'm not sure if we should opt for
changing the default.

Regarding iteration count: (again, IMO) 1024 is a bit low, but 128000 as a
default for everyone might be a bit too much.

--Leszek


On Tue, May 5, 2015 at 10:37 PM, Christoph Becker <cmbecke...@gmx.de> wrote:

> Hi everybody!
>
> In issue #64816[1] the OP suggests in the comment from [2015-05-05 04:34
> UTC] that hash_pbkdf2() should be recommended for advanced users, and
> that password_hash() should use PBKDF2 with at least 128,000 rounds.
>
> The "Adding simple password hashing API" RFC[2] mentions in the "Future
> concerns" section that new hash algorithms may be introduced, and that
> the default algorithm as well as the default cost may be changed.
> According to the "Updating PASSWORD_DEFAULT" section[3] changing the
> default algorithm for PHP 7.0 is not possible anymore, but it might be
> considered to add support for PBKDF2, and to increase the cost of the
> CRYPT_BLOWFISH algorithm.
>
> Thoughts?
>
> [1] <https://bugs.php.net/bug.php?id=64816>
> [2] <https://wiki.php.net/rfc/password_hash#future_concerns>
> [3] <https://wiki.php.net/rfc/password_hash#updating_password_default>
>
> --
> Christoph M. Becker
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
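Leszek's point about one default iteration count for everyone, and Christoph's question about adding PBKDF2 next to CRYPT_BLOWFISH, as an added example that is not code from the thread or from PHP itself: it calibrates a bcrypt cost for password_hash() against a time budget on the deploying host, and stores and verifies a PBKDF2 record built with hash_pbkdf2(). The 250 ms budget, the 128000-iteration default and the record format are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not from the thread. Shows the two options under discussion:
// bcrypt via password_hash() with a cost calibrated on the deploying host, and
// PBKDF2 via hash_pbkdf2() with an explicit iteration count. The 250 ms budget,
// the 128000 default and the record format are constructed assumptions.

// Highest bcrypt cost whose hashing time stays within the budget on this host.
function calibrateBcryptCost(float $budgetSeconds = 0.25): int
{
    $cost = 10; // PHP's default cost for PASSWORD_BCRYPT
    while ($cost < 31) {
        $start = microtime(true);
        password_hash('calibration-only', PASSWORD_BCRYPT, ['cost' => $cost + 1]);
        if (microtime(true) - $start > $budgetSeconds) {
            break; // cost+1 is over budget; keep the current cost
        }
        $cost++;
    }
    return $cost;
}

// PBKDF2-SHA256 with a random 16-byte salt, stored as a self-describing
// record so the iteration count can be raised later for new records.
function pbkdf2Hash(string $password, int $iterations = 128000): string
{
    $salt = random_bytes(16);
    $dk = hash_pbkdf2('sha256', $password, $salt, $iterations, 32, true);
    return sprintf('$pbkdf2-sha256$%d$%s$%s', $iterations,
        base64_encode($salt), base64_encode($dk));
}

function pbkdf2Verify(string $password, string $stored): bool
{
    $parts = explode('$', $stored);
    if (count($parts) !== 5 || $parts[1] !== 'pbkdf2-sha256') {
        return false;
    }
    $iterations = (int) $parts[2];
    $salt = base64_decode($parts[3], true);
    $expected = base64_decode($parts[4], true);
    if ($iterations < 1 || $salt === false || $expected === false) {
        return false;
    }
    $actual = hash_pbkdf2('sha256', $password, $salt, $iterations, 32, true);
    return hash_equals($expected, $actual); // constant-time comparison
}
```

Because the iteration count is stored in the record, a later increase of the default only needs a check of `$parts[2]` against the new target after a successful login, the same role password_needs_rehash() plays for bcrypt cost changes.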
