paragonie / pecl-libsodium-doc

Free Online Documentation for the Libsodium PHP Extension
https://paragonie.com/book/pecl-libsodium
Creative Commons Attribution 4.0 International

Password hashing not argon2i but argon2id #14

Open My1 opened 6 years ago

My1 commented 6 years ago

Well, when I do the following:

$h1=@sodium_crypto_pwhash_str("test",1,1<<26);

it throws this:

$argon2id$v=19$m=65536,t=1,p=1$TrIXxztPanspLgGdNv/TCg$OkI1oXPgUaWFnEpqOs7k6/n0xtfZqkTfsmfE/iqTvB0

clearly argon2id.
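Added example, not part of the thread or of the project's documentation: a small PHP audit that parses an encoded Argon2 string such as the one above, reports its variant and cost parameters, and flags stored hashes that fall short of a policy. The function names and policy thresholds are assumptions chosen for illustration, and the second sample string is constructed.

```php
<?php
declare(strict_types=1);

// Split an Argon2 encoded hash into variant and cost parameters; null if malformed.
function parse_argon2_hash(string $encoded): ?array
{
    $re = '~^\$(argon2id|argon2i|argon2d)\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)'
        . '\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$~D';
    if (preg_match($re, $encoded, $g) !== 1) {
        return null;
    }
    return [
        'variant'    => $g[1],
        'version'    => (int) $g[2],
        'memory_kib' => (int) $g[3],   // m= is in KiB: 1<<26 bytes shows up as 65536
        'ops'        => (int) $g[4],
        'lanes'      => (int) $g[5],
        // Unpadded base64: every 4 characters carry 3 bytes.
        'salt_len'   => intdiv(strlen($g[6]) * 3, 4),
        'tag_len'    => intdiv(strlen($g[7]) * 3, 4),
    ];
}

// Reasons a stored hash falls short of a policy (thresholds are illustrative assumptions).
function audit_hash(string $encoded, int $minMemoryKib = 65536, int $minOps = 1): array
{
    $p = parse_argon2_hash($encoded);
    if ($p === null) {
        return ['not an Argon2 encoded hash'];
    }
    $issues = [];
    if ($p['variant'] !== 'argon2id') {
        $issues[] = "variant is {$p['variant']}, not argon2id";
    }
    if ($p['memory_kib'] < $minMemoryKib) {
        $issues[] = "memory {$p['memory_kib']} KiB is below {$minMemoryKib} KiB";
    }
    if ($p['ops'] < $minOps) {
        $issues[] = "ops {$p['ops']} is below {$minOps}";
    }
    return $issues;
}

$samples = [
    'hash from this issue' => '$argon2id$v=19$m=65536,t=1,p=1$TrIXxztPanspLgGdNv/TCg$OkI1oXPgUaWFnEpqOs7k6/n0xtfZqkTfsmfE/iqTvB0',
    // Constructed sample (not a real password hash): older variant, less memory.
    'constructed argon2i'  => '$argon2i$v=19$m=32768,t=4,p=1$' . str_repeat('A', 22) . '$' . str_repeat('A', 43),
];
foreach ($samples as $label => $hash) {
    echo $label, ': ', implode('; ', audit_hash($hash)) ?: 'meets policy', PHP_EOL;
}
```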

jedisct1 commented 6 years ago

Congrats on having an operating system with up-to-date packages!

Unfortunately, most people use Linux distributions that are stuck with obsolete packages, and will remain so for years. And don't have Argon2id. Or Argon2 at all.

My1 commented 6 years ago

Well, I use Caddy with PHP 7.2 on Windows for developing, and I try to push any hoster I use to get up-to-date stuff.

7.2 core sodium right now has a little annoyance with trying to use ops of 1 (I hope they fix it later, already reported there).

I am not a CEO or someone who has to worry about problems that come with updating, like cost; I like Argon and I want to use it.

And honestly I just argon for what it is because it enables hogging more system resources than bcrypt while also staying relatively quick (unless you go into memory regions of, for example, 1 GB).