Newsgroups: php.internals
From: me@kelunik.com (Niklas Keller)
To: "Charles R. Portwood II"
Cc: Scott Arciszewski, Pierre Joye, PHP internals, Joe Watkins
Date: Mon, 11 Jul 2016 09:23:19 +0200
Subject: Re: [PHP-DEV] Request for wiki karma

2016-07-10 21:27 GMT+02:00 Charles R. Portwood II <charlesportwoodii@erianna.com>:

> On Sun, Jul 10, 2016 at 12:36 AM, Scott Arciszewski wrote:
>
> > Version 1.3 of the Argon2 spec alleviated my concerns.
> >
> > I never completed my patch, and the past couple of months have been
> > hectic. I can review the patch before it's merged if you want, but I still
> > don't have the free time to author an alternative.
> >
> > If accepted in 7.1, I believe it can be the new PASSWORD_DEFAULT in 7.3 if
> > it remains the best option.
> >
> > Scott Arciszewski
> > Chief Development Officer
> > Paragon Initiative Enterprises
> >
> > On Sun, Jul 10, 2016 at 1:24 AM, Pierre Joye wrote:
> >
> >> On Jul 10, 2016 2:38 AM, "Charles R. Portwood II" <charlesportwoodii@erianna.com> wrote:
> >> >
> >> > Hello Internals,
> >> >
> >> > I'd like to improve the password_* functions by adding support for
> >> > Argon2[1], the winner of the Password Hashing Competition[2].
> >> >
> >> > I've previously implemented an extension[3] to handle this, however I
> >> > believe this would be better to have Argon2 implemented directly password_*
> >> > functions. I would handle implementation of this enhancement, and would
> >> > like to gather your feedback before formally proposing an RFC.
> >> >
> >> > My wiki username is: charlesportwoodii
> >> >
> >> > Thank you!
> >> > *Charles R. Portwood II*
> >> >
> >> > [1]
> >> > [2]
> >> > [3]
> >>
> >> Hi Charles,
> >>
> >> Nice work already.
> >>
> >> I add Scott to this thread to be sure he reads. As far as I remember he
> >> has a patch too but there were concerns about having argon2 support at this
> >> stage because of the current state of argon2 specs (or something along this
> >> line).
> >>
> >> Let be sure that these concerns are solved before considering to include
> >> it as it means some bc risks later if the specs change.
> >>
> >> Cheers
> >> Pierre
>
> Thanks for your feedback everyone (and for granting wiki access)!
>
> This implementation would be against the version 1.3 of the Argon2
> reference library. As Scott mentioned, this proposal would be for inclusion
> on 7.1, and then made PASSWORD_DEFAULT in 7.3 per the password_hash RFC,
> assuming better option does not arise.
>
> I'll provide an RFC within the coming days which will outline everything in
> detail.
>
> Thanks again,
>
> *Charles R. Portwood II*

Hi Charles,

it will probably have to target 7.2 as 7.1 has feature freeze in less than two weeks IIRC.

Regards,
Niklas