libsodium based Argon2i(d) password_hash()

  105991
June 19, 2019 22:53 pollita@php.net (Sara Golemon)
I intend to move  https://wiki.php.net/rfc/sodium.argon.hash into voting on
Friday.

Note that I need to update the PR to reflect the decision to synchronize
the time_cost and mem_limit defaults for libargon based hashing with
libsodium.

If you have any last minute issues with this RFC, please bring them up now.

-Sara
  105993
June 20, 2019 07:33 nikita.ppv@gmail.com (Nikita Popov)
On Thu, Jun 20, 2019 at 12:54 AM Sara Golemon <pollita@php.net> wrote:

> I intend to move https://wiki.php.net/rfc/sodium.argon.hash into voti > > For "threads" (p=# in the hash output), the current PHP default is 2, > while libsodium is hardcoded at 1, we can't override that. > ng on > Friday. > > Note that I need to update the PR to reflect the decision to synchronize > the time_cost and mem_limit defaults for libargon based hashing with > libsodium. > > If you have any last minute issues with this RFC, please bring them up now. >
Could you please explicitly specify what the new default time/memory cost factors will be? Also, what is going to happen with threads? I assume the default will become 1, but what happens is a larger value is specified while libsodium is used? Nikita
  106009
June 20, 2019 20:58 pollita@php.net (Sara Golemon)
On Thu, Jun 20, 2019 at 2:34 AM Nikita Popov ppv@gmail.com> wrote:

> On Thu, Jun 20, 2019 at 12:54 AM Sara Golemon <pollita@php.net> wrote: > > > I intend to move https://wiki.php.net/rfc/sodium.argon.hash into voti > > > > For "threads" (p=# in the hash output), the current PHP default is 2, > > while libsodium is hardcoded at 1, we can't override that. > > ng on > > Friday. > > > > Note that I need to update the PR to reflect the decision to synchronize > > the time_cost and mem_limit defaults for libargon based hashing with > > libsodium. > > > > If you have any last minute issues with this RFC, please bring them up > now. > > > > Could you please explicitly specify what the new default time/memory cost > factors will be? > > Done.
> Also, what is going to happen with threads? I assume the default will > become 1, but what happens is a larger value is specified while libsodium > is used? > > Default to 1. Users will be allowed to specify higher numbers, but the sodium implementation will produce an error with values > 1.
-Sara