Re: [PHP-DEV] PASSWORD_DEFAULT value

2023-09-07 Thread Tim Düsterhus
Hi
On 9/6/23 21:33, Vinicius Dias wrote:
> This is very interesting. It's the first time I see recommendations pro Bcrypt and against Argon2. Even OWASP recommends Argon2 over Bcrypt [1]. I am not a cryptography expert so I believe that if there is a discussion of which one is better PHP shouldn'

Re: [PHP-DEV] PASSWORD_DEFAULT value

2023-09-06 Thread Vinicius Dias
This is very interesting. It's the first time I see recommendations pro Bcrypt and against Argon2. Even OWASP recommends Argon2 over Bcrypt [1]. I am not a cryptography expert so I believe that if there is a discussion of which one is better PHP shouldn't change things for now, so that totally ans

Re: [PHP-DEV] PASSWORD_DEFAULT value

2023-09-06 Thread Hans Henrik Bergan
Argon2 is opt-in, not opt-out, at compile-time, so then we would have to agree on it being acceptable for PASSWORD_DEFAULT to have different values depending on compile-time options, maybe that's completely fine, or maybe it isn't, idk. But as Düsterhus points out, Argon2 is inferior to bcrypt anyw

Re: [PHP-DEV] PASSWORD_DEFAULT value

2023-09-06 Thread Tim Düsterhus
Hi
On 9/6/23 18:08, Vinicius Dias wrote:
> I was wondering here... Is there any reason for `PASSWORD_DEFAULT`'s value not to be `PASSWORD_ARGON2ID`?
To the best of my knowledge Argon2 is not available in a "default" installation of PHP without including any external dependencies. Also Argon2