On 14.04.2018 at 23:53, Alice Wonder wrote:

> In this RFC
> https://wiki.php.net/rfc/argon2_password_hash
> It looks like Argon2i is now implemented in PHP with the password_*
> functions (though requires a compile flag ???)

Indeed, the password_*() API supports Argon2i as of PHP 7.2.0, if
properly configured with `--with-password-argon2`[1] (which is still
undocumented[2], by the way).

> Since the sodium extensions used the Argon2id variant by default, would
> it be prudent to make sure the php password_* functions can *verify* 2d
> and 2id variant hashes, even if it does not set them by default?

FWIW, there is already an RFC regarding support for Argon2id[3].
Hopefully, this will be implemented as of PHP 7.3.0.

[1] <https://wiki.php.net/rfc/argon2_password_hash#configure_flag>
[2] <http://www.php.net/manual/en/password.installation.php>
[3] <https://wiki.php.net/rfc/argon2_password_hash_enhancements>

Christoph M. Becker
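
Added example, not part of the original message or of PHP's own code: one way to verify stored hashes on a build where password_*() may lack Argon2 support, falling back to the sodium extension for the variant password_*() does not know. The function name `verify_stored_hash` is hypothetical, and the sodium fallback assumes the installed libsodium can verify the variant in question.

```php
<?php
declare(strict_types=1);

// Hash prefix => constant that password_*() defines when it supports the variant.
const ARGON2_VARIANTS = [
    '$argon2id$' => 'PASSWORD_ARGON2ID',
    '$argon2i$'  => 'PASSWORD_ARGON2I',
];

/**
 * Verify $password against $stored, which may be a password_hash() hash
 * (bcrypt, Argon2i) or an Argon2id hash written by the sodium extension.
 * Throws when this build cannot check the hash's algorithm, so a missing
 * compile flag is not mistaken for a wrong password.
 */
function verify_stored_hash(string $password, string $stored): bool
{
    foreach (ARGON2_VARIANTS as $prefix => $constant) {
        if (strncmp($stored, $prefix, strlen($prefix)) !== 0) {
            continue;
        }
        if (defined($constant)) {
            return password_verify($password, $stored);
        }
        // password_verify() would only return false here; use sodium instead.
        if (function_exists('sodium_crypto_pwhash_str_verify')) {
            return sodium_crypto_pwhash_str_verify($stored, $password);
        }
        throw new RuntimeException("This build cannot verify {$prefix} hashes");
    }
    return password_verify($password, $stored); // bcrypt and other crypt() formats
}

// Usage: hashes are created on the running build, nothing is hard-coded.
$pw = 'correct horse battery staple'; // constructed sample password

$algo = defined('PASSWORD_ARGON2I') ? PASSWORD_ARGON2I : PASSWORD_DEFAULT;
var_dump(verify_stored_hash($pw, password_hash($pw, $algo)));

if (function_exists('sodium_crypto_pwhash_str')) {
    $sodiumHash = sodium_crypto_pwhash_str(
        $pw,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
    var_dump(verify_stored_hash($pw, $sodiumHash));
    var_dump(verify_stored_hash('wrong password', $sodiumHash));
}
```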

