In 01, cryptographers and practitioners around the world came together to an open Competition (PHC) with the goal of selecting one or more hash functions to be recognized as a recommended standard.

On July 20th, 2015 Argon2 that was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg was selected as the final PHC winner. Argon2 comes in the following three :

  • Argon2d maximizes resistance to GPU cracking attacks.
  • is optimized to resist side-channel attacks. It accesses the memory array in a password independent order.
  • Argon2id is a hybrid version. It follows the Argon2i approach for the first pass over memory and the Argon2d approach for subsequent passes.

With the release of PHP 7.2 in November of 2017, PHP now includes functions for both the 2d and i version. However, the 2d is not suitable for password hashing.

5.6 that is due out next month will now feature Argon2i password hashing thanks to Michael Lundbøl, and you can find out how it’s implemented through the following pull request.

The old style of bcrypt will continue to be supported and will remain the default, but if you are starting a new project then it might be worth considering using the Argon2i driver once Laravel 5.6 officially makes it release.

Source link


Please enter your comment!
Please enter your name here