+1 for 7.0.x security patch release, best effort sounds scary.
On Sun, Oct 18, 2015 at 4:01 PM Anthony Ferrara <ircmax...@gmail.com> wrote:

> All,
>
> With PHP 7 comes random_bytes and random_int. This duplicates some of
> the logic internally that password_hash uses to generate its salt.
>
> I would like to refactor this to unify generation. I've opened a PR
> against master: https://github.com/php/php-src/pull/1585
>
> I don't feel comfortable pulling against 7 this far into RC status.
> Perhaps wait until after it goes gold? Or should this target 7.1? It's
> not a big deal in either direction. Though it does add a side-effect,
> where if it can't gather enough entropy it will throw an exception and
> return failure (where prior it would simply make a "best effort").
>
> Thoughts?
>
> Anthony
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

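The behaviour change discussed in the quoted message, sketched as an added example (not code from the thread or from php-src). The function names and the injectable `$entropy` callable are hypothetical, and the `mt_rand()` fallback is an assumed stand-in for "best effort", since the message does not say what the old fallback was.

```php
<?php
// Added illustration, not php-src code. $entropy stands in for the OS
// randomness source so that the failure path can be exercised on demand.

/** "Best effort": silently falls back to a predictable generator. */
function salt_best_effort(int $len, callable $entropy): string
{
    try {
        return $entropy($len);
    } catch (Exception $e) {
        // Assumed fallback: mt_rand() is not a CSPRNG, so the salt is
        // predictable and the caller is never told.
        $out = '';
        for ($i = 0; $i < $len; $i++) {
            $out .= chr(mt_rand(0, 255));
        }
        return $out;
    }
}

/** Fail closed: no salt, and therefore no hash, without real entropy. */
function salt_fail_closed(int $len, callable $entropy): string
{
    $bytes = $entropy($len); // an exception propagates to the caller
    if (strlen($bytes) !== $len) {
        throw new RuntimeException('short read from entropy source');
    }
    return $bytes;
}

// random_bytes() throws when no suitable randomness source is available.
$healthy = function (int $n): string { return random_bytes($n); };
// Constructed failure, simulating an unavailable entropy source.
$broken = function (int $n): string { throw new Exception('no entropy source'); };

foreach (['healthy' => $healthy, 'broken' => $broken] as $name => $src) {
    echo "$name / best effort: ", bin2hex(salt_best_effort(16, $src)), "\n";
    try {
        echo "$name / fail closed: ", bin2hex(salt_fail_closed(16, $src)), "\n";
    } catch (Exception $e) {
        echo "$name / fail closed: refused (", $e->getMessage(), ")\n";
    }
}
```

With the broken source, the best-effort path still prints a salt that looks normal, which is why the degraded case goes unnoticed unless the generator fails closed.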