If I'm understanding this correctly, this change doesn't affect actual behavior, right? It's just taking advantage of reusing code for random_bytes / random_int?
If that is true I don't think it much matters whether the change goes through 7.0 or 7.1 since it has no real end-user impact.

On Sun, Oct 18, 2015 at 6:59 PM, Anthony Ferrara <ircmax...@gmail.com> wrote:
> All,
>
> With PHP 7 comes random_bytes and random_int. This duplicates some of
> the logic internally that password_hash uses to generate its salt.
>
> I would like to refactor this to unify generation. I've opened a PR
> against master: https://github.com/php/php-src/pull/1585
>
> I don't feel comfortable pulling against 7 this far into RC status.
> Perhaps wait until after it goes gold? Or should this target 7.1? It's
> not a big deal in either direction. Though it does add a side-effect,
> where if it can't gather enough entropy it will throw an exception and
> return failure (where prior it would simply make a "best effort").
>
> Thoughts?
>
> Anthony