>
> With respect to adding those algorithms for generating hashes, I'm 100%
> dead set against it.
>
Ok, I understand and agree, generating hashes for weaker algos is not a
good idea.
The point I wanted to address was forward/backward compatibility with
existing password databases that use PHPass
Nicolas:
On Thu, Sep 13, 2012 at 7:33 AM, Nicolas Grekas <
nicolas.grekas+...@gmail.com> wrote:
> Hi,
>
> What do you think about adding PHPass compatibility to the password hashing
> API ?
> We could add two new algos : PASSWORD_MD5 and PASSWORD_EXT_DES.
> That way, existing password crypted usi
Hi,
What do you think about adding PHPass compatibility to the password hashing
API ?
We could add two new algos : PASSWORD_MD5 and PASSWORD_EXT_DES.
That way, existing password crypted using phpass ($P$*, $H$*, _* prefix)
could be verified using the password hashing API.
PHPass implementation cou
