Date: Tue, 7 Oct 2014 12:41:38 +0100 From: Leigh <leight@...il.com> To: crypt-dev@...ts.openwall.com Subject: Re: BCrypt $2b$ support in PHP Alexander, many thanks for taking the time to review this. > While I like the simplicity of this patch, I'd prefer to merge > crypt_blowfish's more elaborate changes into its revision in PHP instead > of deviating from crypt_blowfish farther. I feel quite dense for not even looking at your reference code, and just stumbling blindly into it. Although at the same time quite happy I made some of the same changes :) > - Extra test vectors from wrappers.c. Your added test vectors do not > check that 'b' is implemented as equivalent specifically to 'y', rather > than possibly to 'a' or 'x'. I've now taken the new test vectors from 1.3, as well as a batch that were completely missing which revealed some bugs in PHPs implementation; also now fixed. > Basically, please diff crypt_blowfish-1.2 to crypt_blowfish-1.3 and port > those changes. If any changes made between older versions of > crypt_blowfish haven't made it into the PHP tree yet, port those as well - > with a separate patch. We'll also need to take a look at how the final > code in PHP would differ from crypt_blowfish-1.3's, and make sure only > the actually intentional changes are in there. This will ease further > updates, if those are needed. I've reviewed the 1.1 to 1.2, and 1.2 to 1.3 diffs and am happy to say that only changes between 1.2 and 1.3 needed to be applied. I have preserved all of the PHP specific hacks and updated everything else to be in line with 1.3 Again, many thanks for your time. Leigh.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ