From c2d7a762b173f08043beedc9567cf48aae547737 Mon Sep 17 00:00:00 2001 From: Yasuo Ohgaki Date: Wed, 30 Oct 2013 22:13:59 +0000 Subject: [PATCH] Update crypt() manual page for 5.6. git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@332022 c90b9560-bf6c-de11-be94-00142212c4b1 --- reference/strings/functions/crypt.xml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/reference/strings/functions/crypt.xml b/reference/strings/functions/crypt.xml index 7871d96403..130b5f77f8 100644 --- a/reference/strings/functions/crypt.xml +++ b/reference/strings/functions/crypt.xml @@ -18,6 +18,12 @@ standard Unix DES-based algorithm or alternative algorithms that may be available on the system. + + The salt parameter is optional. However, crypt creates weak password without salt. PHP 5.6 or later raise E_NOTICE error without it. Make sure specify strong enough salt for better security. + + + password_hash uses strong hash, generates strong salt, applies proper rounds automatically. password_hash is simple crypt wrapper and compatible with existing password hashes. Use of password_hash is encouraged. + Some operating systems support more than one type of hash. In fact, sometimes the standard DES-based algorithm is replaced by an @@ -156,6 +162,12 @@ + + 5.6.0 + + Raise E_NOTICE security warning if salt is omitted. + + 5.3.7 @@ -293,6 +305,7 @@ SHA-512: $6$rounds=5000$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQ &reftitle.seealso; + password_hash md5 The Mcrypt extension The Unix man page for your crypt function for more information