On 9 January 2015 at 16:45, Anthony Ferrara wrote:
>
> Changing this fallback behavior to the correct error should happen.
> However, this will likely break a number of live systems which are
> currently relying on the incorrect behavior (likely without knowing
> it).
I'd call this a sec fix. Abs
Hi all,
On Sat, Jan 10, 2015 at 1:45 AM, Anthony Ferrara
wrote:
> It's worth nothing that failing is the currently documented behavior:
> http://php.net/crypt
>
> Therefore, I'm suggesting we add an E_DEPRECATED error when we detect
> an invalid STD_DES salt but still execute the fallback:
> htt
