Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is a great step forward. I wish it was in an object rather than globally scoped methods, but it's nice to have.

Also, in case you didn't know, you can use bcrypt with PHP5.3 and the crypt() function. It's not as user friendly as this, but you can do it.



Here's an explanation of my rationale for not making it an object instead of a function: http://www.reddit.com/r/PHP/comments/zrprk/the_new_secure_pa...

Here's the last paragraph (in case it's TLDR, or you don't want to click through):

> So in short (or not), I just felt that there's room for this API and things like PasswordLib to live side by side. And I will continue to maintain that project in the long run. But for the generic use-case, I felt that an OOP API was too much risk for not enough gain for a core implementation. With that said, if you can come up with a clean API, I'd be all ears and willing to consider implementing it. But for now, this is the better alternative IMHO...


Or you can use this library:

http://www.openwall.com/phpass/

It does all the work for you, and will even fall back to other algorithms if you don't have bcrypt available.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: