Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94461 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 8808 invoked from network); 10 Jul 2016 19:27:40 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 10 Jul 2016 19:27:40 -0000 Authentication-Results: pb1.pair.com header.from=charlesportwoodii@ethreal.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=charlesportwoodii@ethreal.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ethreal.net designates 209.85.218.52 as permitted sender) X-PHP-List-Original-Sender: charlesportwoodii@ethreal.net X-Host-Fingerprint: 209.85.218.52 mail-oi0-f52.google.com Received: from [209.85.218.52] ([209.85.218.52:35604] helo=mail-oi0-f52.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id E8/82-22463-AA1A2875 for ; Sun, 10 Jul 2016 15:27:39 -0400 Received: by mail-oi0-f52.google.com with SMTP id r2so122310234oih.2 for ; Sun, 10 Jul 2016 12:27:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ethreal.net; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=ZxVDZIGQrVFxZuNaa7i69WJmzIxAKwVbwRoH2YM4nZI=; b=nsCQHVqi02iVw/QwDvVCOcuSMlCpFgn4VbGAIPEW1gEg27uqS70vbl53tRkOJs8GBV TYxp7dKm9sa+AfjA/ALn703F7phuJzQfcPfxDOKWSrfonLkYtVNKQukTJO2QaCkNijvi x7SSBYEVY3u+hTYhGac1FS8FmBN5v7SNMbYAA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=erianna.com; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=ZxVDZIGQrVFxZuNaa7i69WJmzIxAKwVbwRoH2YM4nZI=; b=G8so1PXdb5X+a8qN6SKz7wjQ+tOfmDjz6xIROBF0GARrxFU5woy1ITHAvllob8wmD/ xLYmYpz2TB6VE2iwXac73ZQ33YKrG1YdBnviI8hDuT2eGZAEl6ldbozcj1z6DsAEaAqi NvtLOG0tQLDfrlQcp6EdNH5Mt2H+85LAkeP3E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=ZxVDZIGQrVFxZuNaa7i69WJmzIxAKwVbwRoH2YM4nZI=; b=QBakKeGNaPWGGeKLxFH0htTuFFLuQCpRvJ9YGkBPm/rMmIiJYetN7AahF6dAPIBQ2s MIawp719LR+PsJlv3oTC4vOtvpHVOdKIGO7rhbR7MPHpfgqVGOqTBSgAuh673XgECGhp m+tSGT3WQZJ7Hs6iJRf/HcIwSgqwDV+3YqV/os4rWqH2e1U/v/UlNlslJ4f2GIRyDY08 v/Y75yw/o1GzTWjaheGae+QGKcNJrqoxMIph8uQfggxQpZBJ29rPhYwCu36enDwGdJv+ z4NyXdEk1qiI256/ELd1m/Q5gE4H9hLwnj5Jr2a4VnKfCTfl6TxrYPfDzl3ijmx3HrtG RbIQ== X-Gm-Message-State: ALyK8tJuzQXOt8z7HpeCRs2EjZpCa+Si2A8NxTQFm0FPd9zTHj8w+VSgr/skUge4sfSm65Fa4YHERaQui87K8A== X-Received: by 10.202.218.215 with SMTP id r206mr8362964oig.55.1468178856173; Sun, 10 Jul 2016 12:27:36 -0700 (PDT) MIME-Version: 1.0 Sender: charlesportwoodii@ethreal.net Received: by 10.182.2.161 with HTTP; Sun, 10 Jul 2016 12:27:16 -0700 (PDT) X-Originating-IP: [2601:246:100:db51:c429:9c32:868d:a440] In-Reply-To: References: Date: Sun, 10 Jul 2016 14:27:16 -0500 X-Google-Sender-Auth: Dx_ZUNROTkqfS-Detb6kamicCV0 Message-ID: To: Scott Arciszewski Cc: Pierre Joye , PHP internals Content-Type: multipart/alternative; boundary=001a113d2b7830a6f705374d0778 Subject: Re: [PHP-DEV] Request for wiki karma From: charlesportwoodii@erianna.com ("Charles R. Portwood II") --001a113d2b7830a6f705374d0778 Content-Type: text/plain; charset=UTF-8 On Sun, Jul 10, 2016 at 12:36 AM, Scott Arciszewski wrote: > Version 1.3 of the Argon2 spec alleviated my concerns. > > I never completed my patch, and the past couple of months have been > hectic. I can review the patch before it's merged if you want, but I still > don't have the free time to author an alternative. > > If accepted in 7.1, I believe it can be the new PASSWORD_DEFAULT in 7.3 if > it remains the best option. > > Scott Arciszewski > Chief Development Officer > Paragon Initiative Enterprises > > On Sun, Jul 10, 2016 at 1:24 AM, Pierre Joye wrote: > >> >> On Jul 10, 2016 2:38 AM, "Charles R. Portwood II" < >> charlesportwoodii@erianna.com> wrote: >> > >> > Hello Internals, >> > >> > I'd like to improve the password_* functions by adding support for >> > Argon2[1], the winner of the Password Hasing Competition[2]. >> > >> > I've previously implemented an extension[3] to handle this, however I >> > believe this would be better to have Argon2 implemented directly >> password_* >> > functions. I would handle implementation of this enhancement, and would >> > like to gather your feedback before formally proposing an RFC. >> > >> > My wiki username is: charlesportwoodii >> > >> > Thank you! >> > *Charles R. Portwood II* >> > >> > [1] >> > [2] >> > [3] >> >> Hi Charles, >> >> Nice work already. >> >> I add Scott to this thread to be sure he reads. As far as I remember he >> has a patch too but there was concerns about having argon2 support at this >> stage because of the current state of argon2 specs (or something along this >> line). >> >> Let be sure that these concerns are solved before considering to include >> it as it means some bc risks later if the specs change. >> >> Cheers >> Pierre >> > > Thanks for your feedback everyone (and for granting wiki access)! This implementation would be against the version 1.3 of the Argon2 reference library. As Scott mentioned, this proposal would be for inclusion on 7.1, and then made PASSWORD_DEFAULT in 7.3 per the password_hash RFC, assuming better option does not arise. I'll provide an RFC within the coming days which will outline everything in detail. Thanks again, *Charles R. Portwood II* --001a113d2b7830a6f705374d0778--