PHP :: Request #75224 :: Allow for argon2id in password

Allow for argon2id in password_hash

Submitted:

2017-09-18 13:46 UTC

Modified:

2019-09-09 16:46 UTC

Votes:	13
Avg. Score:	4.7 ± 0.7
Reproduced:	7 of 8 (87.5%)
Same Version:	6 (85.7%)
Same OS:	4 (57.1%)

From:

phpdoc at mail dot my1 dot info

Assigned:

cmb (profile)

Status:

Closed

Package:

*Encryption and hash functions

PHP Version:

Next Minor Version

OS:

Win8.1 x64

Private report:

CVE-ID:

None

View Developer Edit

[2017-09-18 13:46 UTC] phpdoc at mail dot my1 dot info

Description:
------------
argon2i is pretty nice for password hashing, true but it has some problems with memory/computation tradeoffs, wouldnt it be epic to have argon2id in the next version (as PHP7.2 is already frozen) to have a hybrid which goes both against side channels and tradeoff attacks?

in fact the ietf draft for argon2 recommends using argon2id as default.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-09-09 16:46 UTC] cmb@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb

[2019-09-09 16:46 UTC] cmb@php.net

argon2id is supported as of PHP 7.3.0.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Mar 27 09:01:28 2025 UTC