Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:102122
Return-Path: <charlesportwoodii@erianna.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 94014 invoked from network); 22 May 2018 15:52:09 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 May 2018 15:52:09 -0000
Authentication-Results: pb1.pair.com smtp.mail=charlesportwoodii@erianna.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=charlesportwoodii@erianna.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain erianna.com designates 209.85.214.42 as permitted sender)
X-PHP-List-Original-Sender: charlesportwoodii@erianna.com
X-Host-Fingerprint: 209.85.214.42 mail-it0-f42.google.com  
Received: from [209.85.214.42] ([209.85.214.42:36830] helo=mail-it0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 07/D9-55862-8AC340B5 for <internals@lists.php.net>; Tue, 22 May 2018 11:52:09 -0400
Received: by mail-it0-f42.google.com with SMTP id e20-v6so569013itc.1
        for <internals@lists.php.net>; Tue, 22 May 2018 08:52:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=erianna.com; s=google;
        h=date:from:to:message-id:in-reply-to:references:subject:mime-version;
        bh=4tiRzP4mh44rVuIfE+nx3KyyARvaRGhBQ1jUCUsBv1s=;
        b=GES1l6bcEjLVMdDwFqutpQ9c2FDijHprFivYeQToYjxI/QM1ADyvXNJsgZLmJzRi10
         GiKBA8aBtB6f9sX7Lb50hoY0s5wvSgRPXM9cG0PNUM9m8rXVbR/ybGLLAj6KUubaO4C3
         o1TSMafKr5NrOglQ0eSGTKjwxyi3m3SrAvSuY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:message-id:in-reply-to:references
         :subject:mime-version;
        bh=4tiRzP4mh44rVuIfE+nx3KyyARvaRGhBQ1jUCUsBv1s=;
        b=IxBM9BP0/k2MXs/fqShhCn/0DB7imqr5VgjUqU3x/JVBDWPoFiSF9RR/hmcjLuT/7+
         jWxfzQGs8lQNT/zyr9FF+6mLaBlwynXpXO9KGPIS0fRRDPDqyRSvHtA0ZmN823P5lLbO
         C4zWdVStSJEvjm9stPsDND29w2tX67ijLhkSI1P+AZ90D57psOKsNKfzIPWXuv78cJdi
         a0sDnI4F/Dry6ndH3PBpHav/5skKKpqW2IxD22qD/E1/xxRi80n7jvRnjbjlu8NhEmlU
         mks4a+V3McEQOo9Uyvd/IPkrK8y/E6YVDEisWms/b8HC7kw/MTI/vbXYkhrWzd65FXDG
         UsUQ==
X-Gm-Message-State: ALKqPwcKf2RuYFF7fA72pOUoqfbVsEOzSJ0iGD4O7fkzOdK3pZ8SQAvK
	RDbksuY15ZLyp8C6ZhYU0wBNc/BTSnA=
X-Google-Smtp-Source: AB8JxZqRoUM3NGCpPeILbJJ5TBemER78H1a7gOizI8HkGwB1E9T2AyjdBwpMSMX/jGPQtcJs9ARcUA==
X-Received: by 2002:a24:d947:: with SMTP id p68-v6mr1892039itg.74.1527004321517;
        Tue, 22 May 2018 08:52:01 -0700 (PDT)
Received: from [10.0.31.44] ([38.142.126.82])
        by smtp.gmail.com with ESMTPSA id c90-v6sm114068itd.13.2018.05.22.08.52.00
        for <internals@lists.php.net>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 22 May 2018 08:52:00 -0700 (PDT)
Date: Tue, 22 May 2018 10:51:21 -0500
To: PHP internals <internals@lists.php.net>
Message-ID: <65f56c76-a212-4185-983c-312b42210e23@Spark>
In-Reply-To: <CAGC=tRmwofyymNumRMRLP0OA5EhMaQPbfkk+OWkq9eB_Qxy_8A@mail.gmail.com>
References: <CAGC=tRmwofyymNumRMRLP0OA5EhMaQPbfkk+OWkq9eB_Qxy_8A@mail.gmail.com>
X-Readdle-Message-ID: 65f56c76-a212-4185-983c-312b42210e23@Spark
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="5b043ca0_22221a70_17e1e"
Subject: Re: [RFC][DISCUSSION] Argon2id in Password Hash
From: charlesportwoodii@erianna.com ("Charles R. Portwood II")

--5b043ca0_22221a70_17e1e
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On =46eb 5, 2018, 9:43 AM -0600, Charles R. Portwood II <charlesportwoodi=
i=40erianna.com>, wrote:

> Hello Internals,
>
> I would like to propose adding Argon2id to the password=5F* functions i=
n PHP 7.3.
>
> An R=46C=5B1=5D has been prepared which covers implementation details, =
and some common questions & concerns that I have anticipated. This R=46C =
also includes a tested and working implementation=5B2=5D to illustrate ch=
anges to PHP itself.
>
> The biggest question at this time is how we want to handle versioning o=
f the Argon2 reference library. The R=46C covers this issue in detail and=
 provides a solution that ensures no BC breakage for existing users.
>
> I look forward to hearing your feedback. Thanks.
>
> =5B1=5D https://wiki.php.net/rfc/argon2=5Fpassword=5Fhash=5Fenhancement=
s
> =5B2=5D: https://github.com/php/php-src/compare/master...charlesportwoo=
dii:argon2=5Fpassword=5Fhash=5Fenhancements=3Fexpand=3D1
>
> ---
>
> Charles R. Portwood II

Hello Internals,

I would like to follow up on the R=46C to add Argon2id to the password=5F=
* functions in PHP 7.3. The discussion itself=5B1=5D didn=E2=80=99t seem =
to gather much attention since it was posted in =46ebruary, however there=
 has been some discussions=5B2=5D in a separate thread inquiring about th=
e status of Argon2 in PHP in general.

I=E2=80=99ve updated the R=46C=5B3=5D based upon discussions I=E2=80=99ve=
 had with individuals outside of the mailing list. With this update the R=
=46C now recommends forcing an libargon2 version >=3D 20161029 during con=
figure for the --with-password-argon2 flag, providing password=5F* with s=
upport for both Argon2i and Argon2id.

I would like to target PHP 7.3 with this R=46C. Since there haven=E2=80=99=
t been any major discussion points raised since the R=46C is introduced b=
ack in =46ebruary, I would like to offer another an opportunity for addit=
ional discussion before I submit this R=46C for a vote in the next few we=
eks.

I look forward to hearing your feedback=21 Thanks.

=5B1=5D:=C2=A0https://externals.io/message/101777
=5B2=5D:=C2=A0https://externals.io/message/102041=23102042
=5B3=5D:=C2=A0https://wiki.php.net/rfc/argon2=5Fpassword=5Fhash=5Fenhance=
ments

---

Charles R. Portwood II

--5b043ca0_22221a70_17e1e--