On 8/5/16, 2:20 PM, "Charles R. Portwood II" <charlesportwoo...@ethreal.net on behalf of charlesportwoo...@erianna.com> wrote:
>It breaks the API in the interim between this RFC and a potential future >one. The $options parameter for both password_hash and >password_needs_rehash is optional. Making it required for one algorithm >but not another changes the API's for both methods. The expectations >outlined in the original password_hash RFC make the third parameter for >tuning the algorithm, not for making the algorithm work. Without default >values, both password_hash and password_needs_rehash would fail unless >the costs are provided. OK. I misunderstood what qualifies as "broken". Looks most like most people want to set default costs right away so I'll leave it here. As for choosing the right default values for PHP, what are the criteria? Tom -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
