From d0223af67dd96bff46b37fc9b806c6211830cc0a Mon Sep 17 00:00:00 2001 From: Adam Harvey Date: Fri, 20 Jul 2012 08:39:55 +0000 Subject: [PATCH] Fix doc bug #62414 (Out of date docs for CRYPT_BLOWFISH). I'd greatly appreciate a review on this, since I'm not sure it's as well worded or laid out as it could be -- the one paragraph per hash convention is starting to get a little tight. git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@326725 c90b9560-bf6c-de11-be94-00142212c4b1 --- reference/strings/functions/crypt.xml | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/reference/strings/functions/crypt.xml b/reference/strings/functions/crypt.xml index 2de7be4b81..9f517d62d8 100644 --- a/reference/strings/functions/crypt.xml +++ b/reference/strings/functions/crypt.xml 
@@ -66,12 +66,19 @@ - CRYPT_BLOWFISH - Blowfish hashing with a salt as follows: - "$2a$", a two digit cost parameter, "$", and 22 digits from the alphabet - "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to - return a zero-length string. The two digit cost parameter is the base-2 logarithm of the - iteration count for the underlying Blowfish-based hashing algorithmeter and must be in - range 04-31, values outside this range will cause crypt() to fail. + CRYPT_BLOWFISH - Blowfish hashing with a salt as + follows: "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and + 22 digits from the alphabet "./0-9A-Za-z". Using characters outside of + this range in the salt will cause crypt() to return a zero-length string. + The two digit cost parameter is the base-2 logarithm of the iteration + count for the underlying Blowfish-based hashing algorithmeter and must be + in range 04-31, values outside this range will cause crypt() to fail. + Versions of PHP before 5.3.7 only support "$2a$" as the salt prefix: PHP + 5.3.7 introduced the new prefixes to fix a security weakness in the + Blowfish implementation. Please refer to + this document for full + details of the security fix, but to summarise, developers targeting only + PHP 5.3.7 and later should use "$2y$" in preference to "$2a$". @@ -149,6 +156,13 @@ + + 5.3.7 + + Added $2x$ and $2y$ Blowfish + modes to deal with potential high-bit attacks. + + 5.3.2
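Review bot: in the first hunk (the CRYPT_BLOWFISH paragraph, @@ -66,12 +66,19), the added text lists "$2x$" as an accepted prefix but never says when it should be chosen; only "$2y$" gets a recommendation. Add a sentence stating what "$2x$" is for, so readers do not pick between the three prefixes arbitrarily. The rewritten lines also carry over the typo "algorithmeter" from the removed text (it should read "hashing algorithm"), and "in range 04-31, values outside this range will cause crypt() to fail" is a comma splice that would read better as two sentences. The link text "this document" says nothing about the target; name the linked document so the reference still makes sense where the link is not rendered.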
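Review bot: in the second hunk (the changelog entry, @@ -149,6 +156,13), the 5.3.7 row describes the change as dealing with "potential high-bit attacks", while the paragraph added in the first hunk calls it "a security weakness in the Blowfish implementation". Use the same description in both places so readers can tell they refer to one fix, and consider having the changelog row point back to the CRYPT_BLOWFISH paragraph, since that is where the recommendation to prefer "$2y$" over "$2a$" lives.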