Newsgroups: php.internals
Date: Fri, 5 Aug 2016 09:59:59 -0500
Subject: Re: [RFC][DISCUSSION] Argon2 Password Hash
From: charlesportwoodii@erianna.com ("Charles R. Portwood II")
To: Tom Worster
Cc: PHP internals

On Fri, Aug 5, 2016 at 9:49 AM, Charles R. Portwood II <charlesportwoodii@erianna.com> wrote:

> On Fri, Aug 5, 2016 at 9:19 AM, Tom Worster wrote:
>
>> On 8/5/16 8:47 AM, Charles R. Portwood II wrote:
>>
>> The RFC is available at: https://wiki.php.net/rfc/argon2_password_hash
>>
>> Hi Charles,
>>
>> Thanks for doing this. I'm glad Argon2 is coming to PHP.
>
> As the spec requires some minimum values to even work (and there's
> recommendations from the developers [1]), I think we should be providing
> defaults so that the algorithm works out of the box, though I agree they
> could be set to lower values.
> Note that the spec does specifically say that
> there is no "insecure" value for the memory and time cost attributes. If we
> wanted to drop it to the minimum recommended by the developers, the values
> would be:
>
> m_cost = 16
> t_cost = 2
> threads = 1
>
> I'm open to other suggestions or alternatives though.
>
> Thanks,
> *Charles R. Portwood II*
>
> [1]: https://github.com/P-H-C/phc-winner-argon2/issues/144

For clarity, a memory cost of 16 implies 65536 KiB, or 64 MiB of memory. The
only difference between the values recommended by the developers, and the
cost outlined in the RFC is that the t_cost is set to 3.

*Charles R. Portwood II*
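An added example, not part of the original message or the RFC: a Python check that reads the cost parameters out of an Argon2 encoded hash string and reports which of them fall below the minimums quoted above (m_cost = 16 taken as the exponent, i.e. 1 << 16 KiB, t_cost = 2, threads = 1). The function names and the sample hashes are constructed for illustration, and the digests in the samples are placeholders.

```python
import re

# Minimums quoted in the message: m_cost = 16 (exponent), t_cost = 2, threads = 1.
RECOMMENDED_MIN = {"m": 1 << 16, "t": 2, "p": 1}  # "m" is in KiB

# Constructed samples: the salt is base64 of "somesalt", the digest is a placeholder.
SAMPLE_OK = "$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$" + "A" * 43
SAMPLE_WEAK = "$argon2i$v=19$m=1024,t=1,p=1$c29tZXNhbHQ$" + "A" * 43

_ENCODED = re.compile(
    r"^\$(argon2(?:id|i|d))"              # variant
    r"(?:\$v=(\d+))?"                     # version field, absent in older hashes
    r"\$m=(\d+),t=(\d+),p=(\d+)"          # memory in KiB, passes, lanes
    r"\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$"  # salt and digest, unpadded base64
)


def log2_to_kib(m_cost_log2):
    """Exponent form of the memory cost -> KiB (16 -> 65536 KiB = 64 MiB)."""
    return 1 << m_cost_log2


def parse_params(encoded):
    """Extract variant, version and cost parameters from an encoded hash."""
    match = _ENCODED.match(encoded)
    if match is None:
        raise ValueError("not an Argon2 encoded hash")
    variant, version, mem, passes, lanes = match.groups()
    params = {"variant": variant, "version": int(version) if version else None,
              "m": int(mem), "t": int(passes), "p": int(lanes)}
    # Floor below which Argon2 itself rejects the input: 8 KiB per lane, one pass.
    if params["p"] < 1 or params["t"] < 1 or params["m"] < 8 * params["p"]:
        raise ValueError("parameters below what Argon2 accepts")
    return params


def below_minimum(encoded, minimum=RECOMMENDED_MIN):
    """Names of the parameters weaker than the minimum; an empty list means OK."""
    params = parse_params(encoded)
    return [name for name in ("m", "t", "p") if params[name] < minimum[name]]


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_WEAK):
        print(parse_params(sample), "weak:", below_minimum(sample))
```

A stored hash for which `below_minimum` returns a non-empty list is a candidate for rehashing with stronger parameters at the user's next successful login.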