Request #75572 sodium_crypto_pwhash_str() allow opslimit of 1
Submitted: 2017-11-26 08:26 UTC Modified: 2017-11-29 13:36 UTC
From: phpdoc at mail dot my1 dot info Assigned: jedisct1 (profile)
Status: Closed Package: *Encryption and hash functions
PHP Version: 7.2.0RC6 OS:
Private report: No CVE-ID: None
 [2017-11-26 08:26 UTC] phpdoc at mail dot my1 dot info
Description:
------------
When using an opslimit (which equals the time_cost parameter in password_hash with argon2i) of 1, a warning is thrown.

This is a result of
https://github.com/php/php-src/blob/master/ext/sodium/libsodium.c#L1905-L1908

and the fact that the constant SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE is 2.

Considering how the argon2 RFC goes about parameter choice, a time factor of 1 is certainly not impossible; in fact, especially if the server has a lot of RAM, chances are that one would choose a time of 1 and go for the RAM instead of lowering the RAM and choosing a 2 or higher for time, if the situation allows.

Also, as a side note, the RFC even states that for argon2id (which is what sodium uses) 1 pass maximizes the attack costs for the constant time of the defender.

https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-9.3

Test script:
---------------
<?php
header("Content-Type: text/plain");
if(defined("SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE")) {
    echo "NaCl Found. ".PHP_EOL;
    echo sodium_crypto_pwhash_str("test",1,1<<26).PHP_EOL;
}
else echo "no NaCl with pwhash".PHP_EOL;
?>

Expected result:
----------------
NaCl Found. 
$argon2id$v=19$m=65536,t=1,p=1$h1v/Fexw43PMyi6W8NRRGA$QiqKXRL+csDoLqLT7p282LxPM3kfwc4UlGE5BUBD45w

Actual result:
--------------
NaCl Found. 
<br />
<b>Warning</b>:  number of operations for the password hashing function is low in <b>C:\xampp\htdocs\a2.php</b> on line <b>5</b><br />
$argon2id$v=19$m=65536,t=1,p=1$h1v/Fexw43PMyi6W8NRRGA$QiqKXRL+csDoLqLT7p282LxPM3kfwc4UlGE5BUBD45w
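
The encoded hash in the report records the cost parameters that were passed in: `t` is the opslimit and `m` is the memlimit in KiB (1<<26 bytes = 65536 KiB). The following is an added example, not part of the original report or of php-src, that reads those values back from a stored hash and compares them with a floor; the function names and the two policies are assumptions made for illustration.

```php
<?php
// Added example (not from the bug report): read the cost parameters back out
// of an Argon2 encoded hash and compare them with a site policy.

/** Parse "$argon2id$v=19$m=..,t=..,p=..$salt$hash"; null if malformed. */
function parse_argon2_params(string $encoded): ?array
{
    $re = '~^\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)'
        . '\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+\z~';
    if (!preg_match($re, $encoded, $m)) {
        return null;
    }
    return [
        'variant'  => $m[1],
        'version'  => (int) $m[2],
        'memlimit' => (int) $m[3] * 1024, // m is KiB; sodium's memlimit is bytes
        'opslimit' => (int) $m[4],        // t, the number of passes
        'lanes'    => (int) $m[5],
    ];
}

/** Hypothetical policy check: names of the parameters below the given floor. */
function below_policy(array $p, int $minOps, int $minMemBytes): array
{
    $weak = [];
    if ($p['variant'] !== 'argon2id') { $weak[] = 'variant'; }
    if ($p['opslimit'] < $minOps)      { $weak[] = 'opslimit'; }
    if ($p['memlimit'] < $minMemBytes) { $weak[] = 'memlimit'; }
    return $weak;
}

// Hash string copied from the report (opslimit 1, memlimit 1<<26).
$stored = '$argon2id$v=19$m=65536,t=1,p=1$h1v/Fexw43PMyi6W8NRRGA'
        . '$QiqKXRL+csDoLqLT7p282LxPM3kfwc4UlGE5BUBD45w';

$params = parse_argon2_params($stored);
if ($params === null) {
    exit("not an Argon2 encoded hash" . PHP_EOL);
}
printf("%s t=%d mem=%d bytes%s", $params['variant'], $params['opslimit'],
    $params['memlimit'], PHP_EOL);

// Policy A accepts one pass when memory is at least 64 MiB; policy B mirrors
// the OPSLIMIT_INTERACTIVE floor of 2 mentioned in the report.
echo 'A: ', implode(',', below_policy($params, 1, 1 << 26)) ?: 'ok', PHP_EOL;
echo 'B: ', implode(',', below_policy($params, 2, 1 << 26)) ?: 'ok', PHP_EOL;
```

The parsing uses only core PHP string functions, so it does not need the sodium extension to be loaded.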

 [2017-11-28 13:05 UTC] jedisct1@php.net
Fixed in c05cbd1e775fa69ed9939796a908390f2bfb4459
 [2017-11-28 13:05 UTC] jedisct1@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: jedisct1
 [2017-11-28 13:05 UTC] jedisct1@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2017-11-28 14:14 UTC] phpdoc at mail dot my1 dot info
Oh thanks, I didn't even know that snapshots existed. I was only moving from RC to RC (and slightly annoyed when the RC released slightly before the bugfix). Thanks.

Tested the snapshot and it works.

By the way, according to phpversion this is marked as 7.2.1-dev, so I guess I can assume this won't be ready at 7.2 but will have to wait, right?
 [2017-11-29 09:29 UTC] phpdoc at mail dot my1 dot info
Why was this reverted? Is there a problem?
 [2017-11-29 13:36 UTC] jedisct1@php.net
I'm just executing what people on the php.internals mailing list suggest.
 [2017-11-29 14:40 UTC] phpdoc at mail dot my1 dot info
Okay, so what is the plan in the end for working with this?
 