PHP 8.2 missing argon2id support

[devfrey]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave "+1" or "me too" comments. They generate extra noise for issue followers and do not help prioritize the request.

Tell us about your request What do you want us to build?

Compile PHP 8.2 with --with-password-argon2.

Is this request specific to an Elastic Beanstalk platform? If so, which one(s)?

• PHP 8.2 AL2023 version 4.0.0

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? What outcome are you trying to achieve, ultimately, and why is it hard/impossible to do right now? What is the impact of not having this problem solved? The more details you can provide, the better we'll be able to understand and solve the problem.

Argon2id is the recommended hashing algorithm for storing passwords. See https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html. Previous PHP platforms supported this algorithm, so this appears to have been an oversight.

Are you currently working around this issue? How are you currently solving this problem?

There is no workaround.

Additional context Anything else we should know?

Attachments If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)

[swiffer]

https://github.com/amazonlinux/amazon-linux-2023/issues/204

[swiffer]

can be installed on latest Amazon Linux 2023 release via Platform Hook:

sodium.sh

#!/bin/bash

set -xe

if ! php -r 'exit(extension_loaded("sodium") ? 0 : 1);'; then
  dnf -y install php8.2-sodium
fi