zendframework/zend-crypt

Argon2 Support

indolering opened this issue · 4 comments

Support for Argon2 is apparently coming in PHP 7.1 and will be the default in PHP 7.2. It would be ideal if we could utilize this via Zend as well.

Not sure how multi-hashing functionality should be supported; perhaps that should be another ticket?

I'm personally interested in getting server relief supported. This is a scheme in which the hashing happens client side, allowing extreme key stretching without opening one up to DoS attacks. Argon2 has this functionality built-in, performing a final hash on the client input. The API would need to send the salt to the client and then pass the result to Argon2...

@indolering we will support it for sure after the release of PHP 7.1. The idea is to create a specific class for Argon2 under the Zend\Crypt\Password namespace.

@ezimuel Any plans to include an interface for server relief? It would represent an order-of-magnitude increase to security.

@indolering as I said, we will consider supporting Argon2 when it is available in PHP.
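
The server-relief flow described in the opening post, as an added example that is not part of the thread or of zend-crypt: the client runs Argon2id with the server-supplied salt, and the server applies one cheap final hash before comparing. It assumes PHP 7.2+ with the sodium extension; `ENUM_KEY`, the in-memory `$users` store, the SHA-256 final step and all function names are hypothetical choices for illustration, and `clientStretch()` stands in for code that would run on the client.

```php
<?php
// Added example, not zend-crypt code. Assumes PHP >= 7.2 with ext-sodium.
// clientStretch() would run in the browser or app; it is PHP here so the
// whole exchange runs in one script.
const ENUM_KEY = 'constructed-demo-secret'; // assumption: server-only secret
$users = []; // constructed in-memory store: name => [salt, verifier]

// Server: hand out the user's salt. Unknown names get a stable decoy salt,
// so the salt request does not reveal which accounts exist.
function saltFor(array $users, string $name): string
{
    return $users[$name]['salt']
        ?? substr(hash_hmac('sha256', $name, ENUM_KEY, true), 0, SODIUM_CRYPTO_PWHASH_SALTBYTES);
}

// Client: the expensive, memory-hard step.
function clientStretch(string $password, string $salt): string
{
    return sodium_crypto_pwhash(
        32, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}

// Server: one cheap hash of the client's output. Storing the client output
// unhashed would make a leaked database row usable as a login credential.
function serverFinalize(string $stretched): string
{
    return hash('sha256', $stretched, true);
}

// Registration: server picks the salt, client stretches, server finalizes.
function register(array &$users, string $name, string $password): void
{
    $salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $users[$name] = ['salt' => $salt, 'verifier' => serverFinalize(clientStretch($password, $salt))];
}

// Login: constant-time compare; unknown users compare against a dummy value.
function login(array $users, string $name, string $stretched): bool
{
    $expected = $users[$name]['verifier'] ?? str_repeat("\0", 32);
    return hash_equals($expected, serverFinalize($stretched));
}

register($users, 'alice', 'correct horse');
$salt = saltFor($users, 'alice');
var_dump(login($users, 'alice', clientStretch('correct horse', $salt)));
var_dump(login($users, 'alice', clientStretch('wrong guess', $salt)));
```

The server's per-login cost is a single SHA-256 call, which is what removes the DoS exposure the post mentions; the trade-off is that the stretching cost is bounded by the weakest client device.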