Skip to content

doc patch: note that hashes are rendered in "PHC string format"#3

Open
domm wants to merge 1 commit into
Leont:masterfrom
domm:master
Open

doc patch: note that hashes are rendered in "PHC string format"#3
domm wants to merge 1 commit into
Leont:masterfrom
domm:master

Conversation

@domm

@domm domm commented Sep 21, 2023

Copy link
Copy Markdown

and add a link to the spec. At least I assume that "PHC" is what you mean by the current (slightly cryptic (sorry..)) wording "in crypt format"'

and add a link to the spec. At least I assume that "PHC" is what you mean by
the current (slightly cryptic (sorry..)) wording "in crypt format"'
@Leont

Leont commented Sep 21, 2023

Copy link
Copy Markdown
Owner

and add a link to the spec. At least I assume that "PHC" is what you mean by the current (slightly cryptic (sorry..)) wording "in crypt format"'

PHC is a subset of crypt format that all new hashes should use, but that doesn't mean that all of them do (in particular bcrypt doesn't). It would probably be more truthful to say it uses Modular Crypt Format.

@domm

domm commented Sep 22, 2023

Copy link
Copy Markdown
Author

Probably true, but when trying to figure out the difference between the RFC2307 format (used by Authen::Passphrase) and the output of $authenticator->hash_password I learned that there is no real standard for password hashes (ignoring RFC2307...), but that Authen::Passphrase uses the most standard-y format we agreed on (PHC or MCF). Which I found reassuring because I wouldn't want to store my hashes in some arbitrary format that you came up with.

This is why I would love to have a bit more info instead of "in crypt format". But then maybe I should just learn what that "in crypt format" is a well enough definition :-)

So, yeah, link to PHC or MCF or ignore that PR, there really is no perfect solution as there is no real spec for "crypt format" :-)

@Leont

Leont commented Jan 8, 2025

Copy link
Copy Markdown
Owner

This is why I would love to have a bit more info instead of "in crypt format". But then maybe I should just learn what that "in crypt format" is a well enough definition :-)

It's deliberately a bit fuzzy because the exact definition really depends on the backend that's used. It is all more of a convention than a rule, there's nothing that actually prevents a backend from using the RFC2307 format. You could probably even write a wrapper that converts the crypt format to RFC2307 if you need it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants