PHP 5.5 Open Source Set to Include New Password Hashing API
From the 'Nope, Still Not PHP 6' files:
Work has now officially begun on PHP 5.5. This will be the first major update since PHP 5.4 debuted earlier this year. Work on major milestone releases has been painfully slow in recent years, so it'll be interesting to see how fast (or slow) PHP 5.5 matures.
The biggest new item set to land in PHP 5.5 that caught my eye is the new Password Hashing API.
PHP developer, Anthony Ferrara explained in his rationale for the new Password Hashing API that, "as recent attacks have shown, strong password hashing is something that the vast majority of PHP developers don't understand, or don't think is worth the effort."
"The current core implementations of strong password hashing using crypt() are actually fairly difficult to work with.," Ferrara wrote. "By providing a simple API that can be called, which takes care of all of those issues for you, hopefully more projects and developers will be able to use secure password hashing."
Makes sense to me. Let's just hope that it doesn't take years until PHP 5.5 is officially released before developers are able to take advantage of this security innovation.