GTX3 Posted July 25, 2017 Posted July 25, 2017 Hello, so according to this, the current prefix in IPS source is $2a$ which presents slight security risk, but as of PHP 5.3.7, documentation states that $2y$ should be used in preference to $2a$. I know that backward compatibility is important (websites below PHP 5.3.7) but I think there should be an option to use different blowfish prefix. I would like to switch to $2y$ prefix because a module I'm using to bridge IPS to server only supports aforementioned prefix.
GTX3 Posted July 30, 2017 Author Posted July 30, 2017 Bump - I would really like the option to switch prefix be implemented. Is there any way to use hooks? To change prefix after they login (and use $2y$ for registration)? Any feedback on this from developers would be very appreciated.
Mark Posted July 30, 2017 Posted July 30, 2017 We will be changing this in an upcoming version. Your code will likely work fine as the two prefixes only produce different results for password which contain characters with the 8th bit set.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.