php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #75224 Allow for argon2id in password_hash
Submitted: 2017-09-18 13:46 UTC Modified: -
Votes:13
Avg. Score:4.7 ± 0.7
Reproduced:7 of 8 (87.5%)
Same Version:6 (85.7%)
Same OS:4 (57.1%)
From: phpdoc at mail dot my1 dot info Assigned:
Status: Open Package: *Encryption and hash functions
PHP Version: Next Minor Version OS: Win8.1 x64
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-09-18 13:46 UTC] phpdoc at mail dot my1 dot info
Description:
------------
argon2i is pretty nice for password hashing, true but it has some problems with memory/computation tradeoffs, wouldnt it be epic to have argon2id in the next version (as PHP7.2 is already frozen) to have a hybrid which goes both against side channels and tradeoff attacks?

in fact the ietf draft for argon2 recommends using argon2id as default.


Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Aug 19 20:01:30 2019 UTC