Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94884
Return-Path: <charlesportwoodii@ethreal.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 9757 invoked from network); 6 Aug 2016 14:47:54 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 6 Aug 2016 14:47:54 -0000
Authentication-Results: pb1.pair.com smtp.mail=charlesportwoodii@ethreal.net; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=charlesportwoodii@ethreal.net; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ethreal.net designates 209.85.218.50 as permitted sender)
X-PHP-List-Original-Sender: charlesportwoodii@ethreal.net
X-Host-Fingerprint: 209.85.218.50 mail-oi0-f50.google.com  
Received: from [209.85.218.50] ([209.85.218.50:34202] helo=mail-oi0-f50.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 56/D9-33134-898F5A75 for <internals@lists.php.net>; Sat, 06 Aug 2016 10:47:53 -0400
Received: by mail-oi0-f50.google.com with SMTP id l203so64563001oib.1
        for <internals@lists.php.net>; Sat, 06 Aug 2016 07:47:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ethreal.net; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=V51BmXHdLLxcel8wrwzpOjJgWlnUSdhEDFjOegU9G+k=;
        b=ZxUdYJnSLt13MpbXfJNdX7T4eC+dAqYdJq0XHYvvNmPv/sSUDY6rXs6FdCaiorRCml
         O5020kwZIOb3c0mSBlnTFS6gNCqr+aWnexDYqlfWB/iKHsty19iimySY3EJ7VCYThUqh
         SJNwQU1HHr08OI+wz2KpZZCq0GrkTj+imKYNs=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=erianna.com; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=V51BmXHdLLxcel8wrwzpOjJgWlnUSdhEDFjOegU9G+k=;
        b=E7nKH1Avl/+eFcPSb246utX+WRy1QQ/e3NHjlK590doL1iSS6dYIqDahGnixDULNAT
         Arpopd1PGMl0LAbR8OEc+YbuUKYkDZFEuI0eJvNURgkxlOhuU0voL/PhuSSsksDfRT9z
         /p9kMvNfAsJPQJYmGRScYYzvoaeDmduoSODW4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=V51BmXHdLLxcel8wrwzpOjJgWlnUSdhEDFjOegU9G+k=;
        b=Z4bj4K9CU0A0A/5aWxvY9ueRYBC1LWfEXU3eRo6vhflp8iyNTs5Y8XdfsiytaKhoVx
         y5KKegc78oUnTl45q38YPML55Zzorzqde4zszhU25gWl83HZrJFHg8/NXw2TwHcJGLks
         rHG24QCP1HvJlAkMbPF+C97rkWw59MTqO1tZS8PlS8lk90MQITJu8wZac7qlEyadKfXs
         GdIF9fVW2zgxamr8aT8pwDP6kUbjeyy3DPGQKjghEkvtZmlppV2M9Fd+3/O7DhhVNIc+
         4D3LRcTKoCtXgJ8eChtJNfOt7mRHlyXaV5M+X7r9Gv/X5KJi/GFMKUMx4ssRfwVPcrYW
         uH5Q==
X-Gm-Message-State: AEkoousamVjpIUaRzdFm0fLOJunC92TZInsW6/a8RibkU+X4uL69DJXYeaCdFOxpBNNBVynmDuIRCKXWlWFUSQ==
X-Received: by 10.202.218.215 with SMTP id r206mr46789966oig.55.1470494867994;
 Sat, 06 Aug 2016 07:47:47 -0700 (PDT)
MIME-Version: 1.0
Sender: charlesportwoodii@ethreal.net
Received: by 10.182.191.72 with HTTP; Sat, 6 Aug 2016 07:47:27 -0700 (PDT)
X-Originating-IP: [2601:246:100:db51:cc2e:e593:3223:1d20]
In-Reply-To: <CANUQDCj-e27+VS0uZPXcOw=Y4mVNwR23AFE9btaNA3VXqKTAcQ@mail.gmail.com>
References: <CAGC=tRnpka_ym=f-xsskjeiPaqahsTEAxPq9=E8Z73KQKeRrHg@mail.gmail.com>
 <81b5a129-9c90-0a54-921f-7e1f9b5f727f@thefsb.org> <CAGC=tR=4v0KAkqnU1Q3Fr5AeM8o_PuJfP9rYQ_s4X3=Z9UUh=w@mail.gmail.com>
 <CAObuZdsq33=g4wG=FP0bOHnsE9N+PrCu3nGs7ZNAxx=rX4dJ+w@mail.gmail.com>
 <CAGC=tRkw3u0=ufjALKvF6YpahLE6H05T0vFBHyHPCM4aR1siCw@mail.gmail.com>
 <D3CA3C50.70BAD%fsb@thefsb.org> <CAGC=tRnKgD=r8pSc1KVPahC2Xx=BYDV+M=55eQ0GfMQSVgr97Q@mail.gmail.com>
 <9d2ef6f3a84333f35ebcb843ade65c22@k-piste.dy.fi> <CANUQDCj-e27+VS0uZPXcOw=Y4mVNwR23AFE9btaNA3VXqKTAcQ@mail.gmail.com>
Date: Sat, 6 Aug 2016 09:47:27 -0500
X-Google-Sender-Auth: cjed-CNs0gbkmPQ-tsniUy6M2cA
Message-ID: <CAGC=tRk7p+=LdNT-wBNH6iUuQDnLKB5M3Pmt7DuJHxRbJPksvg@mail.gmail.com>
To: Niklas Keller <me@kelunik.com>
Cc: =?UTF-8?Q?Lauri_Kentt=C3=A4?= <lauri.kentta@gmail.com>, 
	Tom Worster <fsb@thefsb.org>, PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a113d2b78406b2705396844c2
Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Argon2 Password Hash
From: charlesportwoodii@erianna.com ("Charles R. Portwood II")

--001a113d2b78406b2705396844c2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Sat, Aug 6, 2016 at 6:09 AM, Niklas Keller <me@kelunik.com> wrote:

> 2016-08-05 22:51 GMT+02:00 Lauri Kentt=C3=A4 <lauri.kentta@gmail.com>:
>
>> On 2016-08-05 21:20, Charles R. Portwood II wrote:
>>
>>> On Fri, Aug 5, 2016 at 12:12 PM, Tom Worster <fsb@thefsb.org> wrote:
>>>
>>>>
>>>> I can understand an argument that it's too much to expect a user to
>>>> provide an options array when using Argon2. But I don't understand how
>>>> my
>>>> suggestion breaks BC. In my idea, a future RFC would propose default
>>>> cost
>>>> constants. Changing PASSWORD_DEFAULT to PASSWORD_ARGON2I depends on
>>>> those
>>>> constants so they would need to be defined before changing
>>>> PASSWORD_DEFAULT or at the same time. So...
>>>>
>>>> password_hash('password', PASSWORD_DEFAULT) will always work.
>>>>
>>>> password_hash('password', PASSWORD_ARGON2I) works as soon as Argon2 is
>>>> introduced in your proposal, but has to wait for another future RFC in
>>>> my
>>>> suggested change.
>>>>
>>>> password_hash('password', PASSWORD_ARGON2I, [costs]) will always work.
>>>>
>>>> How does a BC break happen?
>>>>
>>>> Tom
>>>>
>>>>
>>> Hi Tom,
>>>
>>> It breaks the API in the interim between this RFC and a potential futur=
e
>>> one. The $options parameter for both password_hash and
>>> password_needs_rehash is optional. Making it required for one algorithm
>>> but
>>> not another changes the API's for both methods. The expectations outlin=
ed
>>> in the original password_hash RFC make the third parameter for tuning t=
he
>>> algorithm, not for making the algorithm work. Without default values,
>>> both
>>> password_hash and password_needs_rehash would fail unless the costs are
>>> provided.
>>>
>>>
>> I think it's very important to provide some kind of default parameters.
>> We have password_needs_rehash for the exact reason that we can later
>> change the defaults if they are not good enough (anymore).
>>
>> If the defaults are not set, people will have to invent their own
>> parameters, which may be good or very bad. These parameters will not be
>> automatically updated with future versions of PHP.
>>
>
> We should definitely provide defaults.
>
>
>> There is nothing to lose from setting some sane defaults.
>> There is nothing to gain from NOT setting the defaults.
>>
>> About the memory requirements: setting the memory cost too high may limi=
t
>> using this algorithm in many inexpensive shared web hosting services,
>> which may have default PHP memory limit as low as 128 MB or 256 MB.
>
>
> Setting the memory limit too high could also result in overall memory
> exhaustion with many concurrent login attempts.
>

Hi,

Absolutely. What are your thoughts on the following cost factors?

time_cost =3D 3
memory_cost =3D 12
threads =3D 1

The reference library provides a CLI program where these values are listed
[1]. A memory_cost factor of 12 would be 4 MiB.

Thanks,
*Charles R. Portwood II*

[1]: https://github.com/P-H-C/phc-winner-argon2/blob/master/src/run.c#L27

--001a113d2b78406b2705396844c2--