On Feb 5, 2018, 9:43 AM -0600, Charles R. Portwood II <charlesportwoo...@erianna.com>, wrote:
> Hello Internals, > > I would like to propose adding Argon2id to the password_* functions in PHP > 7.3. > > An RFC[1] has been prepared which covers implementation details, and some > common questions & concerns that I have anticipated. This RFC also includes a > tested and working implementation[2] to illustrate changes to PHP itself. > > The biggest question at this time is how we want to handle versioning of the > Argon2 reference library. The RFC covers this issue in detail and provides a > solution that ensures no BC breakage for existing users. > > I look forward to hearing your feedback. Thanks. > > [1] https://wiki.php.net/rfc/argon2_password_hash_enhancements > [2]: > https://github.com/php/php-src/compare/master...charlesportwoodii:argon2_password_hash_enhancements?expand=1 > > --- > > Charles R. Portwood II Hello Internals, I would like to follow up on the RFC to add Argon2id to the password_* functions in PHP 7.3. The discussion itself[1] didn’t seem to gather much attention since it was posted in February, however there has been some discussions[2] in a separate thread inquiring about the status of Argon2 in PHP in general. I’ve updated the RFC[3] based upon discussions I’ve had with individuals outside of the mailing list. With this update the RFC now recommends forcing an libargon2 version >= 20161029 during configure for the --with-password-argon2 flag, providing password_* with support for both Argon2i and Argon2id. I would like to target PHP 7.3 with this RFC. Since there haven’t been any major discussion points raised since the RFC is introduced back in February, I would like to offer another an opportunity for additional discussion before I submit this RFC for a vote in the next few weeks. I look forward to hearing your feedback! Thanks. [1]: https://externals.io/message/101777 [2]: https://externals.io/message/102041#102042 [3]: https://wiki.php.net/rfc/argon2_password_hash_enhancements --- Charles R. Portwood II
