gards,
Enrico Zimuel
Hi Anthony,
I think your RFC is very good!
I like the idea of having a PBKDF2 implementation that is able to act, at
the same time, as a secure hash value generator (without the length
parameter) and as a key derivation function (with the length parameter).
I think we should be consistent with the API of
Hi Anthony,
I'm not sure about the idea to have a specific SPL for password hashing.
I like the idea of having a standard interface for that, but maybe
just a set of functions is enough.
I see a valid argument to have a standard interface especially for the
password_register_algo().
Enrico
2012/6/1
the user's salt as an option and generate
a random salt if not provided.
For the random generation I suggest using, as the first option,
openssl_random_pseudo_bytes(), which is considered more secure compared
with mcrypt_create_iv($size, MCRYPT_DEV_URANDOM).
I just wrote those changes here: https: