I am reading a PHP manual. At some point, it checks the hash result as follows:
    $hash = $hasher->HashPassword($pass);
    if (strlen($hash) < 20)
        fail('Failed to hash new password');
I understand that this is the minimum length for the phpass hash, but I do not understand why this will not work. Is it possible? I mean, who/what should I blame if this happens? How to prevent this? I also posted a comment about this on the web page.
For reference, you can find the PasswordHash::HashPassword() code in this question: How can * be a secure hashed password?