[RFC][DISCUSSION] Argon2id in Password Hash

February 5, 2018 15:43 charlesportwoodii@erianna.com ("Charles R. Portwood II")
Hello Internals,

I would like to propose adding Argon2id to the password_* functions in PHP

An RFC[1] has been prepared which covers implementation details, and some
common questions & concerns that I have anticipated. This RFC also includes
a tested and working implementation[2] to illustrate changes to PHP itself.

The biggest question at this time is how we want to handle versioning of
the Argon2 reference library. The RFC covers this issue in detail and
provides a solution that ensures no BC breakage for existing users.

I look forward to hearing your feedback. Thanks.

[1] https://wiki.php.net/rfc/argon2_password_hash_enhancements
[2]: https://github.com/php/php-src/compare/master...


Charles R. Portwood II