Use new PHP5.5 password functions in IPS4

[stoo2000]

It may be worth moving to bring the password features being added to PHP 5.5 into IPS4.

Here's a library that brings the features forwards into PHP 5.3.7+

https://github.com/ircmaxell/password_compat

These methods use BCRYPT by default for hashing passwords.

P.S. It is MIT licensed.

[Charles]

We plan to use different functions than MD5 for password storage.

[stoo2000]

We plan to use different functions than MD5 for password storage.

In that case then. this is a good future proof way, since it gives you the ability to change hash algorithm with ease.

[sijad]

i think md5 + salt is a great way for hash the password that IPB using it ( md5(md5(pwd) . md5(salt)) )

[bfarber]

Our minimum requirement is 5.3.0+. That library requires 5.3.7+ you said, so what you are looking at doesn't sound possible based on minimum requirements alone.

[stoo2000]

Our minimum requirement is 5.3.0+. That library requires 5.3.7+ you said, so what you are looking at doesn't sound possible based on minimum requirements alone.

That's related to

Version Description 5.3.7 Added $2x$ and $2y$ Blowfish modes to deal with potential high-bit attacks.

Realistically you're requiring 5.3+, I can't imaging anyone would want to use a lower version 5.3.7 anyway.

[Ryan H.]

I support this.

[sijad]

i think md5 + salt is a great way for hash the password that IPB using it ( md5(md5(pwd) . md5(salt)) )

seems i'm wrong :sweat:

http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php?answertab=oldest#tab-top

[bfarber]

That's related to

Version Description 5.3.7 Added

$2x$

and

$2y$

Blowfish modes to deal with potential high-bit attacks.

Realistically you're requiring 5.3+, I can't imaging anyone would want to use a lower version 5.3.7 anyway.

Our minimum requirement is 5.3.0. If it requires 5.3.7, we can't make use of it.