On Sun, Jul 10, 2016 at 12:36 AM, Scott Arciszewski <sc...@paragonie.com> wrote:
> Version 1.3 of the Argon2 spec alleviated my concerns.
>
> I never completed my patch, and the past couple of months have been
> hectic. I can review the patch before it's merged if you want, but I still
> don't have the free time to author an alternative.
>
> If accepted in 7.1, I believe it can be the new PASSWORD_DEFAULT in 7.3 if
> it remains the best option.
>
> Scott Arciszewski
> Chief Development Officer
> Paragon Initiative Enterprises <https://paragonie.com>
>
> On Sun, Jul 10, 2016 at 1:24 AM, Pierre Joye <pierre....@gmail.com> wrote:
>
>> On Jul 10, 2016 2:38 AM, "Charles R. Portwood II" <charlesportwoo...@erianna.com> wrote:
>> >
>> > Hello Internals,
>> >
>> > I'd like to improve the password_* functions by adding support for
>> > Argon2[1], the winner of the Password Hashing Competition[2].
>> >
>> > I've previously implemented an extension[3] to handle this, however I
>> > believe this would be better to have Argon2 implemented directly password_*
>> > functions. I would handle implementation of this enhancement, and would
>> > like to gather your feedback before formally proposing an RFC.
>> >
>> > My wiki username is: charlesportwoodii
>> >
>> > Thank you!
>> > *Charles R. Portwood II*
>> >
>> > [1] <https://github.com/P-H-C/phc-winner-argon2>
>> > [2] <https://password-hashing.net/>
>> > [3] <https://github.com/charlesportwoodii/php-argon2-ext>
>>
>> Hi Charles,
>>
>> Nice work already.
>>
>> I add Scott to this thread to be sure he reads. As far as I remember he
>> has a patch too but there were concerns about having argon2 support at this
>> stage because of the current state of argon2 specs (or something along this
>> line).
>>
>> Let's be sure that these concerns are solved before considering to include
>> it as it means some bc risks later if the specs change.
>>
>> Cheers
>> Pierre
>>
>

Thanks for your feedback everyone (and for granting wiki access)!

This implementation would be against the version 1.3 of the Argon2 reference library. As Scott mentioned, this proposal would be for inclusion on 7.1, and then made PASSWORD_DEFAULT in 7.3 per the password_hash RFC, assuming a better option does not arise.

I'll provide an RFC within the coming days which will outline everything in detail.

Thanks again,
*Charles R. Portwood II*