On 8/5/16 8:47 AM, Charles R. Portwood II wrote:
The RFC is available at: https://wiki.php.net/rfc/argon2_password_hash.
Hi Charles,

Thanks for doing this. I'm glad Argon2 is coming to PHP. You can have a longer voting period if you like, which I think would be a good idea.

I think it's confusing to have two consts to identify the algorithm. I don't understand the analogy to PASSWORD_DEFAULT. If we only provide Argon2i, one const is easier. If we anticipate adding another Argon2 algo in the future that is not backward compatible with this one then I don't think we would want to change PASSWORD_ARGON2 to point to it.

Finally, I wonder if it wouldn't be better if, for the time being, we do not provide default costs constants. Argon2 is new (as crypto algos go) and very early in a gradual introduction in deployments. And it is hard to use because of the three cost factors. Correctly tuning those for different machines is not yet a commonly-understood skill. (You even can find conflicting advice on how to tune Bcrypt's time factor.) If we offer default costs then it will appear, to some people, even those who know little about it beyond the name, as though deploying Argon2 is just a matter of using it with the defaults. I'm not sure this is a good idea.

If, on the other hand, we omit the constants and require the $options argument then it discourages inexpert users. At the same time it encourages experimentation and understanding of the costs, among those who take an interest, which I think is just what we want. Those who want to use Argon2 are going to make special efforts to get the lib and enable it in PHP. So I don't think it's unreasonable to expect the early adopters to give some thought to the costs.

Tom

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
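As an added illustration of the point above about passing explicit costs rather than relying on defaults (this is not code from the thread or the RFC), the following PHP script measures how long Argon2i takes on the deploying machine for a fixed memory budget and picks the time_cost that meets a latency target. It assumes the API as it shipped in PHP 7.2 (PASSWORD_ARGON2I with the memory_cost, time_cost and threads options); the budget values are constructed for the example.

```php
<?php
// Added example, not from the RFC: tune Argon2i costs for this host instead
// of relying on default cost constants. Assumes PHP 7.2+ built with Argon2
// support; option names follow the PHP 7.2 password_hash() API.
declare(strict_types=1);

/**
 * Return the smallest time_cost at which hashing with the given memory budget
 * and thread count takes at least $targetMs on this machine. Memory is fixed
 * first because it is the factor that makes Argon2 costly for parallel
 * hardware; time_cost then fills the remaining latency budget.
 */
function tuneArgon2i(int $memoryKiB, int $threads, float $targetMs, int $maxTime = 20): array
{
    if (!defined('PASSWORD_ARGON2I')) {
        throw new RuntimeException('This PHP build has no Argon2 support');
    }
    for ($t = 1; $t <= $maxTime; $t++) {
        $opts = ['memory_cost' => $memoryKiB, 'time_cost' => $t, 'threads' => $threads];
        $start = microtime(true);
        password_hash('benchmark-password', PASSWORD_ARGON2I, $opts);
        $elapsedMs = (microtime(true) - $start) * 1000;
        if ($elapsedMs >= $targetMs) {
            return $opts + ['measured_ms' => round($elapsedMs, 1)];
        }
    }
    throw new RuntimeException("time_cost up to $maxTime did not reach {$targetMs}ms; raise memory_cost");
}

// Constructed budget: 64 MiB, 2 lanes, roughly 250 ms per hash on the login host.
$tuned = tuneArgon2i(64 * 1024, 2, 250.0);
printf("Chosen options: %s\n", json_encode($tuned));

// Pass the chosen costs explicitly on every call and keep them in deployment
// config, so password_needs_rehash() can flag hashes made with older costs.
$hashOpts = array_intersect_key($tuned, array_flip(['memory_cost', 'time_cost', 'threads']));
$hash = password_hash('correct horse battery staple', PASSWORD_ARGON2I, $hashOpts);

var_dump(password_verify('correct horse battery staple', $hash));
var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, $hashOpts));
// Raising the memory budget later makes existing hashes report that they need rehashing.
var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => 128 * 1024] + $hashOpts));
```

Run the tuning step on the hardware that will actually serve logins; the measured time_cost is only meaningful for that machine and that memory budget.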