|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #75224 Allow for argon2id in password_hash
Submitted: 2017-09-18 13:46 UTC Modified: 2019-09-09 16:46 UTC
Avg. Score:4.7 ± 0.7
Reproduced:7 of 8 (87.5%)
Same Version:6 (85.7%)
Same OS:4 (57.1%)
From: phpdoc at mail dot my1 dot info Assigned: cmb (profile)
Status: Closed Package: *Encryption and hash functions
PHP Version: Next Minor Version OS: Win8.1 x64
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
21 - 21 = ?
Subscribe to this entry?

 [2017-09-18 13:46 UTC] phpdoc at mail dot my1 dot info
argon2i is pretty nice for password hashing, true but it has some problems with memory/computation tradeoffs, wouldnt it be epic to have argon2id in the next version (as PHP7.2 is already frozen) to have a hybrid which goes both against side channels and tradeoff attacks?

in fact the ietf draft for argon2 recommends using argon2id as default.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-09-09 16:46 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2019-09-09 16:46 UTC]
argon2id is supported as of PHP 7.3.0.
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Aug 03 09:01:26 2020 UTC