Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94855 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 8434 invoked from network); 5 Aug 2016 14:20:03 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Aug 2016 14:20:03 -0000 Authentication-Results: pb1.pair.com header.from=fsb@thefsb.org; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=fsb@thefsb.org; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain thefsb.org designates 173.203.187.67 as permitted sender) X-PHP-List-Original-Sender: fsb@thefsb.org X-Host-Fingerprint: 173.203.187.67 smtp67.iad3a.emailsrvr.com Received: from [173.203.187.67] ([173.203.187.67:43731] helo=smtp67.iad3a.emailsrvr.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 87/1B-33134-190A4A75 for ; Fri, 05 Aug 2016 10:20:02 -0400 Received: from smtp25.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp25.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id C0C4C203DB; Fri, 5 Aug 2016 10:19:58 -0400 (EDT) X-Auth-ID: fsb@thefsb.org Received: by smtp25.relay.iad3a.emailsrvr.com (Authenticated sender: fsb-AT-thefsb.org) with ESMTPSA id A25AA203D3; Fri, 5 Aug 2016 10:19:58 -0400 (EDT) X-Sender-Id: fsb@thefsb.org Received: from yossy.local (c-66-30-62-12.hsd1.ma.comcast.net [66.30.62.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA) by 0.0.0.0:587 (trex/5.7.1); Fri, 05 Aug 2016 10:19:58 -0400 To: "Charles R. Portwood II" , PHP internals References: Message-ID: <81b5a129-9c90-0a54-921f-7e1f9b5f727f@thefsb.org> Date: Fri, 5 Aug 2016 10:19:52 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [RFC][DISCUSSION] Argon2 Password Hash From: fsb@thefsb.org (Tom Worster) On 8/5/16 8:47 AM, Charles R. Portwood II wrote: > The RFC is available at: https://wiki.php.net/rfc/argon2_password_hash. Hi Charles, Thanks for doing this. I'm glad Argon2 is coming to PHP. You can have a longer voting period if you like, which I think would be a good idea. I think it's confusing to have two consts to identify the algorithm. I don't understand the analogy to PASSWORD_DEFAULT. If we only provide Argon2i, one const is easier. If we anticipate adding another Argon2 algo in the future that is not backward compatible with this one then I don't think we would want to change PASSWORD_ARGON2 to point to it. Finally, I wonder if it wouldn't be better if, for the time being, we do not provide default costs constants. Argon2 is new (as crypto algos go) and very early in a gradual introduction in deployments. And it is hard to use because of the three cost factors. Correctly tuning those for different machines is not yet a commonly-understood skill. (You even can find conflicting advice on how to tune Bcrypt's time factor.) If we offer default costs then it will appear, to some people, even those who know little about it beyond the name, as though deploying Argon2 is just a matter of using it with the defaults. I'm not sure this is a good idea. If, on the other hand, we omit the constants and require the $options argument then it discourages inexpert users. At the same time it encourages experimentation and understanding of the costs, among those who take an interest, which I think is just what we want. Those who want to use Argon2 are going to make special efforts to get the lib and enable it in PHP. So I don't think it's unreasonable to expect the early adopters to give some thought to the costs. Tom