rfc:sodium.argon.hash
Differences
This shows you the differences between two versions of the page.
rfc:sodium.argon.hash [2019/04/05 21:18] – pollita | rfc:sodium.argon.hash [2019/07/16 14:06] – pollita | ||
---|---|---|---|
Line 3: | Line 3: | ||
* Date: 2019-04-05 | * Date: 2019-04-05 | ||
* Author: Sara Golemon, pollita@php.net | * Author: Sara Golemon, pollita@php.net | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
Line 13: | Line 13: | ||
===== Proposal ===== | ===== Proposal ===== | ||
Wrap crypto_pwhash_str_alg() and crypto_pwhash_str_verify() from libsodium to provide argon2i and argonid implementations to the password_hash() family of functions if core has not already registered these algorithms. | Wrap crypto_pwhash_str_alg() and crypto_pwhash_str_verify() from libsodium to provide argon2i and argonid implementations to the password_hash() family of functions if core has not already registered these algorithms. | ||
+ | |||
+ | ==== Additional Changes ==== | ||
+ | |||
+ | PHP's default tuning for the libargon based Argon2i(d) hashing mechanisms hasn't been updated in awhile and is a bit low for best practices. Because of this, PHP's defaults for libargon usage will be updated to match libsodium' | ||
+ | |||
+ | * // | ||
+ | * // | ||
+ | * //threads// default: **1** (libsodium has a max threads count of 1) | ||
==== New Constants ==== | ==== New Constants ==== | ||
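Review bot: The Proposal sentence carried as context into this hunk still reads "argonid", which should be "argon2id" to match the "Argon2i(d)" and "argon2i/" spellings used in the added text, and "awhile" in the new paragraph should be "a while". The threads bullet justifies a default of **1** only by libsodium's maximum, while the paragraph says the change applies to PHP's libargon defaults; it would help to say in that bullet whether a caller on a libargon build can still pass a higher threads value explicitly, so the new default is not read as a hard limit for both backends.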
Line 22: | Line 30: | ||
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
- | * **Incompatibilities between libargon and libsodium: | + | * <del>**Incompatibilities between libargon and libsodium: |
+ | * < | ||
+ | * The above turned out to be incorrect. | ||
* **libsodium support for explicitly choosing algorithm: | * **libsodium support for explicitly choosing algorithm: | ||
* Make libsodium >= 1.0.15 a requirement for building | * Make libsodium >= 1.0.15 a requirement for building | ||
* Make libsodium >= 1.0.15 a requirement for including password_hash() support, but still building other features (preferred option) | * Make libsodium >= 1.0.15 a requirement for including password_hash() support, but still building other features (preferred option) | ||
* Simply accept not having all algorithms available. | * Simply accept not having all algorithms available. | ||
+ | * This RFC will be moving forward with the second option above: Only export argon2i/ | ||
+ | * **libsodium with threads > 1**: libsodium' | ||
===== Proposed PHP Version(s) ===== | ===== Proposed PHP Version(s) ===== | ||
7.4 | 7.4 | ||
- | ===== Open Issues | + | ===== Vote ===== |
- | + | ||
- | * libsodium < 1.0.15 handling; See " | + | |
- | ===== Proposed Voting Choices ===== | + | Started 23rd June 2019. Ends 7th July 2019 |
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
- | " | + | ===== Proposed Patch ===== |
+ | * https:// |
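Review bot: In the "libsodium support for explicitly choosing algorithm" item, the three alternatives are still listed as open choices, with "(preferred option)" on the second, directly above the added line saying the RFC will move forward with the second option. Now that the "Open Issues" entry on libsodium < 1.0.15 handling has been removed, consider rewording the list so the chosen option is stated first and the other two are marked as rejected. The same applies to the struck-out libargon/libsodium incompatibility item: "The above turned out to be incorrect." would be easier to rely on if the bullet said briefly what the correct behaviour is.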
rfc/sodium.argon.hash.txt · Last modified: 2020/08/01 23:55 by carusogabriel