PHP :: Request #75224 :: Allow for argon2id in password

Allow for argon2id in password_hash

Submitted:

2017-09-18 13:46 UTC

Modified:

2019-09-09 16:46 UTC

Votes:	13
Avg. Score:	4.7 ± 0.7
Reproduced:	7 of 8 (87.5%)
Same Version:	6 (85.7%)
Same OS:	4 (57.1%)

From:

phpdoc at mail dot my1 dot info

Assigned:

cmb (profile)

Status:

Closed

Package:

*Encryption and hash functions

PHP Version:

Next Minor Version

OS:

Win8.1 x64

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	phpdoc at mail dot my1 dot info
New email:
PHP Version:		OS:

New Comment:

[2017-09-18 13:46 UTC] phpdoc at mail dot my1 dot info

Description:
------------
argon2i is pretty nice for password hashing, true but it has some problems with memory/computation tradeoffs, wouldnt it be epic to have argon2id in the next version (as PHP7.2 is already frozen) to have a hybrid which goes both against side channels and tradeoff attacks?

in fact the ietf draft for argon2 recommends using argon2id as default.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-09-09 16:46 UTC] cmb@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb

[2019-09-09 16:46 UTC] cmb@php.net

argon2id is supported as of PHP 7.3.0.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Mar 31 03:01:29 2025 UTC