A while back Anthony Ferrara proposed a standardized password hashing feature to be included into the core of PHP. It was voted on and it was decided it would be introduced in the PHP 5.5 releases. Anthony has written up a new post talking some about his process in making this upcoming feature and answering some of the most common questions he's gotten about it.
The other day, PHP 5.5 Alpha 1 was released to the public for the first round of testing the new features that are coming out. One of those new features is the Simplified Password Hashing API that I proposed (and was accepted). I have received a lot of feedback and criticism of the new API in the months since it's been committed. I figured now that Alpha 1 is out and people can play with it, I should respond to some of those items, and give a little bit more insight into why it was built the way it was...
He talks about some of his goals with the use of the functionality (simplicity, something "the 99%" can use) ans answers questions about:
- Why the functions aren't namespaced
- Why it's not just a class that can be included when needed
- The choice of not going with an OOP interface
- Why PBKDF2 and Crypt-SHA-512 aren't supported
...and several other questions, but you'll have to read the full post for the rest of those. You can find out a lot about the API for this functionality from its wiki page and, if you'd like to try it out (in an alpha state), you can download this version of PHP and compile it yourself.
