php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #75224 Allow for argon2id in password_hash
Submitted: 2017-09-18 13:46 UTC Modified: 2019-09-09 16:46 UTC
Votes:13
Avg. Score:4.7 ± 0.7
Reproduced:7 of 8 (87.5%)
Same Version:6 (85.7%)
Same OS:4 (57.1%)
From: phpdoc at mail dot my1 dot info Assigned: cmb (profile)
Status: Closed Package: *Encryption and hash functions
PHP Version: Next Minor Version OS: Win8.1 x64
Private report: No CVE-ID: None
 [2017-09-18 13:46 UTC] phpdoc at mail dot my1 dot info
Description:
------------
argon2i is pretty nice for password hashing, true but it has some problems with memory/computation tradeoffs, wouldnt it be epic to have argon2id in the next version (as PHP7.2 is already frozen) to have a hybrid which goes both against side channels and tradeoff attacks?

in fact the ietf draft for argon2 recommends using argon2id as default.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-09-09 16:46 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2019-09-09 16:46 UTC] cmb@php.net
argon2id is supported as of PHP 7.3.0.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Oct 18 04:01:27 2019 UTC