On 14.04.2018 at 23:53, Alice Wonder wrote: > In this RFC > > https://wiki.php.net/rfc/argon2_password_hash > > It looks like Argon2i is now implemented in PHP with the password_* > functions (though requires a compile flag ???)
Indeed, the password_*() API supports Argon2i is as of PHP 7.2.0, if properly configured with `–with-password-argon2`[1] (which is still undocumented[2], by the way). > Since the sodium extensions used the Argon2id variant by default, would > it be prudent to make sure the php password_* functions can *verify* 2d > and 2id variant hashes, even if it does not set them by default? FWIW, there is already an RFC regarding support for Argon2id[3]. Hopefully, this will be implemented as of PHP 7.3.0. [1] <https://wiki.php.net/rfc/argon2_password_hash#configure_flag> [2] <http://www.php.net/manual/en/password.installation.php> [3] <https://wiki.php.net/rfc/argon2_password_hash_enhancements> -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
