default value of $algo should be PASSWORD_DEFAULT

ircmaxell / password_compat

Compatibility with the password_* functions that ship with PHP 5.5

MIT License

2.15k stars 421 forks source link

default value of $algo should be PASSWORD_DEFAULT #66

Closed y-gupta closed 10 years ago

y-gupta commented 10 years ago

default value of $algo should be PASSWORD_DEFAULT in password_hash($password,$algo,$options) in https://github.com/ircmaxell/password_compat/blob/6f127097b6260194a14e22c37bcb64b4a0eb919a/lib/password.php

sarciszewski commented 10 years ago

While this makes sense to me (default to DEFAULT), the PHP 5.5 implementation does not assume this. The parameter is not optional, according to the documentation. http://php.net/password_hash

y-gupta commented 10 years ago

Oh yes, I forgot to check the official prototype.

On Fri, Oct 24, 2014 at 6:15 PM, Scott Arciszewski <notifications@github.com

wrote:

While this makes sense to me (default to DEFAULT), the PHP 5.5 implementation does not assume this. The parameter is not optional, according to the documentation. http://php.net/password_hash

Reply to this email directly or view it on GitHub https://github.com/ircmaxell/password_compat/issues/66#issuecomment-60381681 .

Regards, Yash Gupta Computer Science Sophomore Indian Institute of Technology, New Delhi

ircmaxell commented 10 years ago

Here's the justification when it was originally designed: http://marc.info/?l=php-internals&m=134131745211635&w=2 (read back further in the thread for why it was decided further).

y-gupta commented 10 years ago

Thank you for the insight