On Fri, Apr 23, 2021 at 2:56 PM Kamil Tekiela <tekiela...@gmail.com> wrote:
> We can also consider switching the default to Argon2id. > As Scott says the NUL byte truncation is not a bug in PHP, but a bug in > the algorithm. I don't know the exact specification but maybe we should > leave the current implementation as is? > The only way we can make argon2i(d) into the default is if it's always available. Currently, the only implementations we have are from external (non-system) libraries, and making those libraries required is essentially a non-starter. -Sara
