rfc:sodium.argon.hash

rfc:sodium.argon.hash [2019/06/23 17:18] pollitarfc:sodium.argon.hash [2020/08/01 23:55] (current) – RFC was implemented carusogabriel
Line 3: Line 3:
   * Date: 2019-04-05   * Date: 2019-04-05
   * Author: Sara Golemon, pollita@php.net   * Author: Sara Golemon, pollita@php.net
-  * Status: Under Discussion+  * Status: Implemented
   * First Published at: http://wiki.php.net/rfc/sodium.argon.hash   * First Published at: http://wiki.php.net/rfc/sodium.argon.hash
  
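Review bot: the Status line changes to Implemented, but the header does not say where or when it landed; consider adding an "Implemented in" line next to Status that points at the target version named later on the page (7.4) and the patch listed under Proposed Patch (https://github.com/php/php-src/pull/4012), so the header is self-contained for readers who only see the top of the RFC.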
Line 30: Line 30:
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
  
-  * **Incompatibilities between libargon and libsodium:** Sodium's argon2 implementation enforces a minimum //time_cost// value of **3**.  Prior to PHP 7.4, the default value for //time_cost// was **2**.  This means that argon2 password hashes produced using password_hash() on earlier versions of PHP (and using the default cost value) will not be verifiable by the ext/sodium implementation of these algorithms.  Indeed, any argon2 password hash produced using an explicit //time_cost// of 2 or less will fail to verify with the libsodium implementation.+  * <del>**Incompatibilities between libargon and libsodium:** Sodium's argon2 implementation enforces a minimum //time_cost// value of **3**.  Prior to PHP 7.4, the default value for //time_cost// was **2**.  This means that argon2 password hashes produced using password_hash() on earlier versions of PHP (and using the default cost value) will not be verifiable by the ext/sodium implementation of these algorithms.  Indeed, any argon2 password hash produced using an explicit //time_cost// of 2 or less will fail to verify with the libsodium implementation.</del> 
 +      * <del>Note that for installations which explicitly provide libargon support, this presents no change in behavior, as the libargon implementation in ext/standard supersedes the sodium implementation.</del> 
 +      * The above turned out to be incorrect.  While libsodium will refuse to generate hashes with a time_cost < 3, it will happily verify them.
   * **libsodium support for explicitly choosing algorithm:** libsodium >= 1.0.15 provides an API for explicitly choosing which argon2 algorithm to use.  Older versions of libsodium make this decision for you.  For example, my build using libsodium 1.0.13 always produces argon2i hashes, not argon2id.  Options:   * **libsodium support for explicitly choosing algorithm:** libsodium >= 1.0.15 provides an API for explicitly choosing which argon2 algorithm to use.  Older versions of libsodium make this decision for you.  For example, my build using libsodium 1.0.13 always produces argon2i hashes, not argon2id.  Options:
     * Make libsodium >= 1.0.15 a requirement for building     * Make libsodium >= 1.0.15 a requirement for building
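Review bot: the new nested bullet corrects the struck-through text rather than replacing it, so the Backward Incompatible Changes section still opens with a claim the author now says is wrong, and the correction gives no libsodium version for the observed behaviour. Suggest restating the entry positively, along the lines of "libsodium refuses to generate argon2 hashes with time_cost < 3 but verifies them, so hashes produced by earlier PHP versions with the default time_cost of 2 remain verifiable; only generation is affected", and naming the libsodium version checked, since the following bullet already notes that behaviour differs between 1.0.13 and 1.0.15.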
Line 41: Line 43:
 7.4 7.4
  
-===== Proposed Voting Choices =====+===== Vote =====
  
-"Should ext/sodium export argon2i and argon2id password_hash algorithms?"+Started 23rd June 2019. Ends 7th July 2019 
 +<doodle title="Provide argon2i(d) from ext/sodium when argon not presentauth="pollita" voteType="single" closed="true"> 
 +   * Yes 
 +   * No 
 +</doodle>
  
 ===== Proposed Patch ===== ===== Proposed Patch =====
  
 * https://github.com/php/php-src/pull/4012  This implementation only registers the algos for password_hash() *IF* the libsodium library is recent enough. (preferred option umder BC Implications) * https://github.com/php/php-src/pull/4012  This implementation only registers the algos for password_hash() *IF* the libsodium library is recent enough. (preferred option umder BC Implications)
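Review bot: the <doodle> tag added in the Vote section is malformed: the title attribute has no closing quote and no space before auth="pollita", so it reads `title="Provide argon2i(d) from ext/sodium when argon not presentauth="pollita"`, which can break the poll rendering. It should be `<doodle title="Provide argon2i(d) from ext/sodium when argon not present" auth="pollita" voteType="single" closed="true">`. Note also that the removed question ("Should ext/sodium export argon2i and argon2id password_hash algorithms?") is broader than the doodle title, which only covers the case where argon is not present; if the vote was deliberately narrowed to match the patch's behaviour of registering the algos only when libsodium is recent enough, a sentence saying so would help.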
rfc/sodium.argon.hash.1561310327.txt.gz · Last modified: 2019/06/23 17:18 by pollita