Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94881 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 98310 invoked from network); 6 Aug 2016 11:09:09 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 6 Aug 2016 11:09:09 -0000 Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.163 cause and error) X-PHP-List-Original-Sender: me@kelunik.com X-Host-Fingerprint: 81.169.146.163 mo4-p00-ob.smtp.rzone.de Received: from [81.169.146.163] ([81.169.146.163:27777] helo=mo4-p00-ob.smtp.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 68/68-33134-455C5A75 for ; Sat, 06 Aug 2016 07:09:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1470481746; l=6327; s=domk; d=kelunik.com; h=Content-Type:Cc:To:Subject:Date:From:References:In-Reply-To: MIME-Version; bh=iPeZgQ9HzLSTDLalv5H39zG66cdmmovYYxVSi6RVQhY=; b=RpVgV9ARuOFo42QVr9o4JPtz6Ha+Icsrwf4ss3gZDHNwHGySsezpyylOEszCZfFEStA Gbu4AE48l6kKbf7F8/4Rvtw3lCuqDPg8Yo42K6J6PYeNKSMY7wK7M0eK5VUWIaXC7ELdi I91coIFrg5gMPCYRS+YOhyvHo2mMRHn3080= X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLGvomb4bl9EfHtOnI6 X-RZG-CLASS-ID: mo00 Received: from mail-wm0-f51.google.com ([74.125.82.51]) by smtp.strato.de (RZmta 38.13 AUTH) with ESMTPSA id z004a0s76B95FoB (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA)) (Client did not present a certificate) for ; Sat, 6 Aug 2016 13:09:05 +0200 (CEST) Received: by mail-wm0-f51.google.com with SMTP id q128so58318960wma.1 for ; Sat, 06 Aug 2016 04:09:05 -0700 (PDT) X-Gm-Message-State: AEkoouujubdzOo+/WV4k7WVjS0lVN4Zq/dpeOLX9JoqH9U4i+gTVFBboezqP7H3QGGz5hu7UTDyyq8jK1juOrA== X-Received: by 10.194.184.39 with SMTP id er7mr72820009wjc.159.1470481745735; Sat, 06 Aug 2016 04:09:05 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.27.206 with HTTP; Sat, 6 Aug 2016 04:09:05 -0700 (PDT) In-Reply-To: <9d2ef6f3a84333f35ebcb843ade65c22@k-piste.dy.fi> References: <81b5a129-9c90-0a54-921f-7e1f9b5f727f@thefsb.org> <9d2ef6f3a84333f35ebcb843ade65c22@k-piste.dy.fi> Date: Sat, 6 Aug 2016 13:09:05 +0200 X-Gmail-Original-Message-ID: Message-ID: To: =?UTF-8?Q?Lauri_Kentt=C3=A4?= Cc: "Charles R. Portwood II" , Tom Worster , PHP internals Content-Type: multipart/alternative; boundary=047d7ba97a101a859c0539653647 Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Argon2 Password Hash From: me@kelunik.com (Niklas Keller) --047d7ba97a101a859c0539653647 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable 2016-08-05 22:51 GMT+02:00 Lauri Kentt=C3=A4 : > On 2016-08-05 21:20, Charles R. Portwood II wrote: > >> On Fri, Aug 5, 2016 at 12:12 PM, Tom Worster wrote: >> >>> >>> I can understand an argument that it's too much to expect a user to >>> provide an options array when using Argon2. But I don't understand how = my >>> suggestion breaks BC. In my idea, a future RFC would propose default co= st >>> constants. Changing PASSWORD_DEFAULT to PASSWORD_ARGON2I depends on tho= se >>> constants so they would need to be defined before changing >>> PASSWORD_DEFAULT or at the same time. So... >>> >>> password_hash('password', PASSWORD_DEFAULT) will always work. >>> >>> password_hash('password', PASSWORD_ARGON2I) works as soon as Argon2 is >>> introduced in your proposal, but has to wait for another future RFC in = my >>> suggested change. >>> >>> password_hash('password', PASSWORD_ARGON2I, [costs]) will always work. >>> >>> How does a BC break happen? >>> >>> Tom >>> >>> >> Hi Tom, >> >> It breaks the API in the interim between this RFC and a potential future >> one. The $options parameter for both password_hash and >> password_needs_rehash is optional. Making it required for one algorithm >> but >> not another changes the API's for both methods. The expectations outline= d >> in the original password_hash RFC make the third parameter for tuning th= e >> algorithm, not for making the algorithm work. Without default values, bo= th >> password_hash and password_needs_rehash would fail unless the costs are >> provided. >> >> > I think it's very important to provide some kind of default parameters. > We have password_needs_rehash for the exact reason that we can later > change the defaults if they are not good enough (anymore). > > If the defaults are not set, people will have to invent their own > parameters, which may be good or very bad. These parameters will not be > automatically updated with future versions of PHP. > We should definitely provide defaults. > There is nothing to lose from setting some sane defaults. > There is nothing to gain from NOT setting the defaults. > > About the memory requirements: setting the memory cost too high may limit > using this algorithm in many inexpensive shared web hosting services, > which may have default PHP memory limit as low as 128 MB or 256 MB. Setting the memory limit too high could also result in overall memory exhaustion with many concurrent login attempts. --047d7ba97a101a859c0539653647--