On 1 August 2016 at 18:46, Charles R. Portwood II <charlesportwoo...@erianna.com> wrote:
> Hello,
>
> The RFC for introducing Argon2 as an alternative hashing algorithm for the
> password_* functions is now open. The RFC is available at
> https://wiki.php.net/rfc/argon2_password_hash.
>
> Voting is open for 1 week, and will close on August 8th with a 50%+1
> majority required to pass. If either of those need to be adjusted please
> let me know.

To clarify, the vote appears to be a single vote for "include in 7.2 *and* make default in 7.4" - is this correct?

If so, I think it would be better to reduce the scope - include in 7.2, with a view to holding a discussion/vote on making it default nearer the time 7.4 comes around. It seems a little premature for voting on things that won't even start happening for a couple of years, and there's always the possibility that something may change between now and then (e.g. some better default is decided on and/or some vuln is discovered in bcrypt/Argon2 that changes the considerations).

Thanks,
Chris