Does adding Argon2 as a possible choice for password_hash() +
password_verify() need an RFC? Or can I just submit a pull request?
It won't be changing the default in 7.1, and IIRC this sort of change
was already agreed upon as part of the original password_hash() RFC.
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com
Does adding Argon2 as a possible choice for
password_hash()+
password_verify()need an RFC? Or can I just submit a pull request?
The original RFC (https://wiki.php.net/rfc/password_hash) contained the following text:
I'd propose the following policy for updating the default hashing algorithm in future releases of PHP.
- Any new algorithm must be in core for at least 1 full release of PHP prior to becoming default. So if scrypt is added in 5.5.5, it wouldn't be eligible for default until 5.7 (since 5.6 would be the full release). But if jcrypt (making it up) was added in 5.6.0, it would also be eligible for default at 5.7.0.
- The default should only change on a full release (5.6.0, 6.0.0, etc) and not on a revision release. The only exception to this is in an emergency when a critical security flaw is found in the current default.
- For a normal (non-emergency) change in default, an RFC shall be issued for the update of the default algorithm, following normal RFC rules.
So technically I don’t think it would be necessary to have an RFC to add another algorithm, though I think it might be nice as this is certainly a place where things shouldn’t be changed willy nilly.
It won't be changing the default in 7.1, and IIRC this sort of change
was already agreed upon as part of the originalpassword_hash()RFC.
I’m not really qualified to discuss the merits of the algorithm but a couple of questions:
- Is there already a crypt scheme for Argon2? Or are there any efforts to define one? It would good if PHP wouldn’t be an island.
- Back in July, when it won the PHC, it wasn’t deemed production ready as they wanted to make a few tweaks. Is that completed?
- Are you proposing to use Argon2d or Argon2i?
Lastly, I think it would be a good start to implement Argon2 in ext-hash.
Best regards
Rouven
Does adding Argon2 as a possible choice for
password_hash()+
password_verify()need an RFC? Or can I just submit a pull request?The original RFC (https://wiki.php.net/rfc/password_hash) contained the
following text:I'd propose the following policy for updating the default hashing
algorithm in future releases of PHP.
- Any new algorithm must be in core for at least 1 full release of PHP
prior to becoming default. So if scrypt is added in 5.5.5, it wouldn't be
eligible for default until 5.7 (since 5.6 would be the full release). But
if jcrypt (making it up) was added in 5.6.0, it would also be eligible for
default at 5.7.0.- The default should only change on a full release (5.6.0, 6.0.0, etc)
and not on a revision release. The only exception to this is in an
emergency when a critical security flaw is found in the current default.- For a normal (non-emergency) change in default, an RFC shall be issued
for the update of the default algorithm, following normal RFC rules.So technically I don’t think it would be necessary to have an RFC to add
another algorithm, though I think it might be nice as this is certainly a
place where things shouldn’t be changed willy nilly.It won't be changing the default in 7.1, and IIRC this sort of change
was already agreed upon as part of the originalpassword_hash()RFC.I’m not really qualified to discuss the merits of the algorithm but a
couple of questions:
- Is there already a crypt scheme for Argon2? Or are there any efforts to
define one? It would good if PHP wouldn’t be an island.- Back in July, when it won the PHC, it wasn’t deemed production ready as
they wanted to make a few tweaks. Is that completed?- Are you proposing to use Argon2d or Argon2i?
Lastly, I think it would be a good start to implement Argon2 in ext-hash.
Best regards
Rouven
I was considering the same for adding scrypt; however there (isn't|wasn't|I
couldn't find) a crypt scheme for it and having a custom algorithm
identifier for php seemed like a bad idea.
~C
Hi,
Does adding Argon2 as a possible choice for
password_hash()+
password_verify()need an RFC? Or can I just submit a pull request?The original RFC (https://wiki.php.net/rfc/password_hash) contained the
following text:I'd propose the following policy for updating the default hashing
algorithm in future releases of PHP.
- Any new algorithm must be in core for at least 1 full release of PHP
prior to becoming default. So if scrypt is added in 5.5.5, it wouldn't be
eligible for default until 5.7 (since 5.6 would be the full release). But
if jcrypt (making it up) was added in 5.6.0, it would also be eligible for
default at 5.7.0.- The default should only change on a full release (5.6.0, 6.0.0, etc)
and not on a revision release. The only exception to this is in an
emergency when a critical security flaw is found in the current default.- For a normal (non-emergency) change in default, an RFC shall be
issued for the update of the default algorithm, following normal RFC rules.So technically I don’t think it would be necessary to have an RFC to add
another algorithm, though I think it might be nice as this is certainly a
place where things shouldn’t be changed willy nilly.It won't be changing the default in 7.1, and IIRC this sort of change
was already agreed upon as part of the originalpassword_hash()RFC.I’m not really qualified to discuss the merits of the algorithm but a
couple of questions:
- Is there already a crypt scheme for Argon2? Or are there any efforts to
define one? It would good if PHP wouldn’t be an island.
https://github.com/P-H-C/phc-winner-argon2
The reference implementation. If anything we should use it.
I am not sure if we should bundle the library tho'.
- Back in July, when it won the PHC, it wasn’t deemed production ready as
they wanted to make a few tweaks. Is that completed?- Are you proposing to use Argon2d or Argon2i?
Lastly, I think it would be a good start to implement Argon2 in ext-hash.
Best regards
Rouven
Hi,
- Is there already a crypt scheme for Argon2? Or are there any efforts to define one? It would good if PHP wouldn’t be an island.
https://github.com/P-H-C/phc-winner-argon2
The reference implementation. If anything we should use it.
I am not sure if we should bundle the library tho'.
Thanks for the link. The included example seem to use $argon2i$ and $argon2d$ as crypt scheme. A cursory search didn’t show anyone else using Argon2 with a crypt scheme, so this would probably be good enough.
Best regards
Rouven
- Solar Designer
Hi,
- Is there already a crypt scheme for Argon2? Or are there any efforts to define one? It would good if PHP wouldn’t be an island.
https://github.com/P-H-C/phc-winner-argon2
The reference implementation. If anything we should use it.
I am not sure if we should bundle the library tho'.
Thanks for the link. The included example seem to use $argon2i$ and $argon2d$ as crypt scheme. A cursory search didn’t show anyone else using Argon2 with a crypt scheme, so this would probably be good enough.
To my understanding, the crypt scheme hasn't been formalized. Solar
Designer, can you confirm?
Anthony
To my understanding, the crypt scheme hasn't been formalized. Solar
Designer, can you confirm?
I think it has been, in the way defined by encoding.c in:
https://github.com/P-H-C/phc-winner-argon2
$ echo password | ./argon2 salt | grep ^Encoded
Encoded: $argon2i$m=4096,t=3,p=1$c2FsdAAAAAAAAAAAAAAAAA$pDVCkCwe3h2SnqGPAGNoM36WzhyGPAd+bb3BLrxyzWw
$ echo password | ./argon2 salt -d | grep ^Encoded
Encoded: $argon2d$m=4096,t=3,p=1$c2FsdAAAAAAAAAAAAAAAAA$Js0T8jeqwDeja/AQ+x2o4SUn22MofUW2f88RlMRhQso
I haven't been involved in this closely, though.
Alexander
To my understanding, the crypt scheme hasn't been formalized. Solar
Designer, can you confirm?I think it has been, in the way defined by encoding.c in:
https://github.com/P-H-C/phc-winner-argon2
$ echo password | ./argon2 salt | grep ^Encoded
Encoded: $argon2i$m=4096,t=3,p=1$c2FsdAAAAAAAAAAAAAAAAA$pDVCkCwe3h2SnqGPAGNoM36WzhyGPAd+bb3BLrxyzWw
$ echo password | ./argon2 salt -d | grep ^Encoded
Encoded: $argon2d$m=4096,t=3,p=1$c2FsdAAAAAAAAAAAAAAAAA$Js0T8jeqwDeja/AQ+x2o4SUn22MofUW2f88RlMRhQsoI haven't been involved in this closely, though.
Alexander
I'm going to write the pull request tonight then. If there's any
reason to not merge it, please discuss it there.
Thanks Solar. :)
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com
On Mon, Jan 11, 2016 at 11:32 AM, Solar Designer solar@openwall.com
wrote:To my understanding, the crypt scheme hasn't been formalized. Solar
Designer, can you confirm?I think it has been, in the way defined by encoding.c in:
https://github.com/P-H-C/phc-winner-argon2
$ echo password | ./argon2 salt | grep ^Encoded
Encoded:
$argon2i$m=4096,t=3,p=1$c2FsdAAAAAAAAAAAAAAAAA$pDVCkCwe3h2SnqGPAGNoM36WzhyGPAd+bb3BLrxyzWw
$ echo password | ./argon2 salt -d | grep ^Encoded
Encoded:
$argon2d$m=4096,t=3,p=1$c2FsdAAAAAAAAAAAAAAAAA$Js0T8jeqwDeja/AQ+x2o4SUn22MofUW2f88RlMRhQsoI haven't been involved in this closely, though.
Alexander
I'm going to write the pull request tonight then. If there's any
reason to not merge it, please discuss it there.Thanks Solar. :)
That's great :)
And as it will not be enabled by default the risk of having to maintain our
own prefix can be minimized by adding a note stating the current situation.
Thanks :)