How to use Argon2 algorithm with password_hash?

So, I heard that PHP 7.2 introduced the new Argon2 algorithm. But I am confused about how I can use it with my existing code. For example, I have this:

$password = password_hash('somepassword', PASSWORD_DEFAULT, ['cost' => 12]);

Does PASSWORD_DEFAULT use Argon2? Is there something I need to change with password_verify? Is bcrypt now considered unsafe?

+6
1 answer

What is Argon2? Is bcrypt bad now?

PHP 7.2 password_hash bcrypt. , bcrypt - , , md5 sha1 ( , ). Argon2

Argon2i . , . .

Bcrypt - . , ( 7.2.0). , PASSWORD_DEFAULT ( PHP Internals policy) (7.3.0 ). , bcrypt, PASSWORD_BCRYPT. , .

Argon2?

password_hash PASSWORD_ARGON2I, . bcrypt cost , ( = ). ,

password_hash('somepassword', PASSWORD_ARGON2I, ['memory_cost' => 2048, 'time_cost' => 4, 'threads' => 3]);

,

  • memory_cost - ( ), Argon2 ( 1024)
  • time_cost - , Argon2 ( 2)
  • threads - , Argon2 ( 2)

, , script. , , . . PHP , .

, , bcrypt 60 , Argon2 . , , 255 .

password_verify?

... . , password_verify , , . , , PASSWORD_DEFAULT, . password_verify . bcrypt Argon2, , (, ) .

//Works for both bcrypt and Argon2
if (password_verify($user_password, $stored_hash)) {
    // password is correct
}

bcrypt, , (, , ). , $2y$ ( bcrypt). , password_hash , Argon2 .

+11
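The verify-then-upgrade flow for moving stored `$2y$` bcrypt hashes to Argon2i at login, as an added example that is not part of the original answer. It assumes PHP 7.2+ built with Argon2 support; `verify_and_upgrade` and `ARGON2_OPTIONS` are hypothetical names, the option values are the ones shown in the answer, `password_needs_rehash` is PHP's standard function and does not appear on the page, and the legacy hash is constructed inline.

```php
<?php
// Added example: check a password against whatever hash is stored and,
// on success, report whether the hash should be replaced with Argon2i.

// Same option values as the password_hash() call shown in the answer.
const ARGON2_OPTIONS = ['memory_cost' => 2048, 'time_cost' => 4, 'threads' => 3];

/**
 * Hypothetical helper. Returns [bool $ok, ?string $newHash].
 * $newHash is non-null only when the password was correct AND the stored
 * hash uses a different algorithm or different options than the target,
 * in which case the caller should persist $newHash for that user.
 */
function verify_and_upgrade(string $password, string $storedHash): array
{
    // password_verify() reads the algorithm from the hash prefix,
    // so bcrypt and Argon2 hashes take the same code path.
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    // Rehash only after a successful verify: this is the one moment
    // the plaintext is available to compute the new hash.
    if (password_needs_rehash($storedHash, PASSWORD_ARGON2I, ARGON2_OPTIONS)) {
        return [true, password_hash($password, PASSWORD_ARGON2I, ARGON2_OPTIONS)];
    }
    return [true, null];
}

// Constructed sample: a legacy bcrypt hash as it would sit in the database.
$legacy = password_hash('somepassword', PASSWORD_BCRYPT, ['cost' => 12]);

// First login after the change: the password verifies and an upgrade is issued.
[$ok, $upgraded] = verify_and_upgrade('somepassword', $legacy);
var_dump($ok);
echo password_get_info($legacy)['algoName'], ' -> ',
     password_get_info($upgraded)['algoName'], "\n";

// Next login against the upgraded hash: verifies, nothing left to rehash.
[$okAgain, $noChange] = verify_and_upgrade('somepassword', $upgraded);
var_dump($okAgain, $noChange);

// Wrong password: never rehash, never touch the stored value.
[$bad, $none] = verify_and_upgrade('wrongpassword', $legacy);
var_dump($bad, $none);
```

The column that stores the hash has to be wide enough for the longer Argon2 output before the first upgraded hash is written, otherwise the stored value is truncated and stops verifying.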
