From 53bc2893fb4ee8faa4b03744bb3a4ed2e223af51 Mon Sep 17 00:00:00 2001
From: Jonathan Coetzee
Date: Tue, 14 May 2013 18:04:52 +0300
Subject: [PATCH] Update password.php

Added a generic formula to calculate $raw_salt_len, it will always generate the least amount of data required for a given $required_salt_len.
---
 lib/password.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/password.php b/lib/password.php
index faa5eaa..27b1332 100644
--- a/lib/password.php
+++ b/lib/password.php
@@ -45,10 +45,10 @@ function password_hash($password, $algo, array $options = array()) {
 return null;
 }
 }
- // The length of salt to generate
- $raw_salt_len = 16;
 // The length required in the final serialization
 $required_salt_len = 22;
+ // The length of salt to generate
+ $raw_salt_len = (int)($required_salt_len * 0.75 + 0.25);
 $hash_format = sprintf("$2y$%02d$", $cost);
 break;
 default:
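Review bot: The added `$raw_salt_len` line computes an integer byte count through float arithmetic with two unexplained constants, which is hard to audit in salt-generation code. The expression is the minimum number of raw bytes whose base64 encoding yields `$required_salt_len` characters (3 bytes per 4 characters, i.e. floor((3n+1)/4), still 16 for n = 22), so I would state that in the comment and stay in integers: `// Fewest raw bytes whose base64 encoding covers $required_salt_len chars (3 bytes -> 4 chars)` above `$raw_salt_len = (3 * $required_salt_len + 1) >> 2;`. Because the value is now derived rather than fixed, a later change to `$required_salt_len` would presumably also change how many random bytes are requested, so the comment should also record that bcrypt expects a 128-bit (16-byte) salt. The code that consumes `$raw_salt_len` and the rest of `password_hash` lie outside this hunk.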