Opening https://wiki.php.net/rfc/password_registry for discussion.
It's all in the elevator pitch, but the TL;DR is to make
password_hash()/password_verify() into a more easily extensible API
for multiple hashing mechanisms. Critically, this would allow us to
include new library dependent mechani
On Tue, 16 Oct 2018 at 13:48, Sara Golemon wrote:
> I don't consider the current internal API proposal fixed,
> particularly, I'm not too keen on the algorithm identification. What
> I've presented is a callback for a mechanism to say "Yes, I can verify
> that signature", but this means we must
On Tue, Oct 16, 2018 at 8:43 AM Rowan Collins wrote:
> As I understand it, the purpose of the $foo$ syntax is to uniquely identify
> each algorithm, so would it make sense to pass the prefix string to the
> register call, and maintain a lookup table internally of prefix => handler?
>
If that's an
On Tue, 16 Oct 2018 at 16:35, Sara Golemon wrote:
> On Tue, Oct 16, 2018 at 8:43 AM Rowan Collins
> wrote:
> > As I understand it, the purpose of the $foo$ syntax is to uniquely
> identify
> > each algorithm, so would it make sense to pass the prefix string to the
> > register call, and maintain
