Add Argon2i for password hashing

[weierophinney]

This PR adds an extra class for the argon2i password hash algorithm introduced with PHP7.2.

There are some open questions with this:

1. Do we really want to have 1 new class for each algorithm PHP addes? "Argon2id" is just around the corner...

2. PHP's password_verify() accepts currently both Bcrypt and Argon2i hashes. So basically you could either use the Bcrypt class or the Argon2i class to verify either hashes. This makes it pretty easy to migrate users from Bcrypt to Argon2i:

   • Use the new Argon2i class as the dependency
   • old bcrypt passwords are still verified correctly
   • new password will be created with argon2i

3. Do we need a wrapper function for password_needs_rehash() ? This would mean we need some kind of inter-class upgrade path (from class Bcrypt to Argon2i in future php-versions). Although we dont know WHY password_needs_rehash() returns false: is it because of the algorithm or the cost value(s)?

4. This class is marked as PHP7.2+ only (it throws an exception in the constructor). Do we want to provide fallbacks of some kind for older PHP Versions?

5. Other than the algorithm no other PHP7.2+ specific features were used in this class (e. g. scalar type hints and return types) because a syntax error is much more heavy and harder to catch than a constructor-exception (Pre 7.0). Should type hints and return types get added because its a PHP7.2+ class anyway?

---

Originally posted by @MatthiasKuehneEllerhold at https://github.com/zendframework/zend-crypt/pull/58

[weierophinney]

I've refactored out the usage of the default constants but it seems like the PHP7.2 binaries from travis-ci have no argon2 support whatsoever, see: https://github.com/travis-ci/travis-ci/issues/8863

---

Originally posted by @MatthiasKuehneEllerhold at https://github.com/zendframework/zend-crypt/pull/58#issuecomment-387705734

[weierophinney]

Rebased it unto develop and changed the PR target.

I've tried to orient myself on the existing bcrypt class.

---

Originally posted by @MatthiasKuehneEllerhold at https://github.com/zendframework/zend-crypt/pull/58#issuecomment-387708114

[weierophinney]

I've tried to orient myself on the existing bcrypt class.

No worries, I'm just suggesting to get rid of some cruft, especially on new classes. @ezimuel needs to check these, since he's the lead here.

---

Originally posted by @Ocramius at https://github.com/zendframework/zend-crypt/pull/58#issuecomment-387708490

[weierophinney]

@MatthiasKuehneEllerhold I forgot to answer to your main questions:

1. yes, this is the actual architecture of zend-crypt. Maybe, we will change it in the future.
2. yes, you right the password_verify is used by Bcrypt and Argon2i but this is ok and actually good for portability purpose, as you already noticed.
3. no, I don't think we need a wrapper for password_needs_rehash() function of PHP. The usage of this function is simple and people can use directly it. We don't see any advantages for a wrapper class here.
4. no, I don't think we need to support Argon2i for PHP < 7.2. I implemented, years ago, Scrypt directly in PHP but the performance are not so good as C, of course.
5. no, at the moment we don't use type hint for zend-crypt for backwards compatibility, we are still supporting PHP 5.6. That said, we will change it soon with a new major release.

---

Originally posted by @ezimuel at https://github.com/zendframework/zend-crypt/pull/58#issuecomment-404503253

[weierophinney]

This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering Committee. If you have a security issue, please follow our security reporting guidelines. If you wish to take on the role of maintainer, please nominate yourself