Version 1.3 of the Argon2 spec alleviated my concerns. I never completed my patch, and the past couple of months have been hectic. I can review the patch before it's merged if you want, but I still don't have the free time to author an alternative.
If accepted in 7.1, I believe it can be the new PASSWORD_DEFAULT in 7.3 if it remains the best option. Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises <https://paragonie.com> On Sun, Jul 10, 2016 at 1:24 AM, Pierre Joye <pierre....@gmail.com> wrote: > > On Jul 10, 2016 2:38 AM, "Charles R. Portwood II" < > charlesportwoo...@erianna.com> wrote: > > > > Hello Internals, > > > > I'd like to improve the password_* functions by adding support for > > Argon2[1], the winner of the Password Hasing Competition[2]. > > > > I've previously implemented an extension[3] to handle this, however I > > believe this would be better to have Argon2 implemented directly > password_* > > functions. I would handle implementation of this enhancement, and would > > like to gather your feedback before formally proposing an RFC. > > > > My wiki username is: charlesportwoodii > > > > Thank you! > > *Charles R. Portwood II* > > > > [1] <https://github.com/P-H-C/phc-winner-argon2> > > [2] <https://password-hashing.net/> > > [3] <https://github.com/charlesportwoodii/php-argon2-ext> > > Hi Charles, > > Nice work already. > > I add Scott to this thread to be sure he reads. As far as I remember he > has a patch too but there was concerns about having argon2 support at this > stage because of the current state of argon2 specs (or something along this > line). > > Let be sure that these concerns are solved before considering to include > it as it means some bc risks later if the specs change. > > Cheers > Pierre >
