Introduction of Argon2 Algorithm with PHP 7.2

Globally PHP is accepted as one of the most enhanced and used server-side scripting languages and there are a plethora of CMS, CRM, Frameworks and more created on this wonderful language. Certainly having a PHP 7.0 with the fastest possible speed was a great deal.

The future seems to be even brighter and secure for PHP. PHP 7.2 is definitely way faster than the 5.X series and kudos to the PHP development team for creating such a sleek version. With that said, speed has been improved, and it’s time for improving security. They have opted for the Argon2 algorithm for password hashing.

Let’s talk about the background of the issues password-hashing algorithms have been facing and how Argon2 accommodates the resolution to the issues.

In 2014 when Password Hashing Competition started there were multiple problems that were being addressed.

  1. Memory addressing: should it be input-dependent, input-independent, or hybrid
  2. Memory Cost: Filling more memory or making more passes over the memory, which one is more robust?
  3. Memory Block Size: What should be the large single memory block be considering the fact that the processing should not slow down due to the limited amount of long registers?
  4. Parallelizing calls to the hashing: What would be the way to exploit multiple cores of current CPUs, as and when they are available?

The answer to these issues is more or less resolved by the Argon2 algorithm with their state of the art in the design of the memory-hard functions. The algorithm is simplistic and has two versions to address different issues. Argon2i and Argon2d.

Argon2i uses data-independent memory access. It is slower because it makes more passes over the memory to protect from tradeoff attacks. It is highly recommended for password hashing and password-based key derivation.

Argon2d used data-dependent memory access. It is faster is best suited for applications with no threats from side-channel attacks and also offers the highest resistance against GPU cracking attacks.

How are you going to access get benefits of this amazing algorithm using PHP 7.2?

Since PHP has only included the Argon2i version, there is a new constant defined for password hashing.

Subsequently, there are 3 more constants introduced, which are associated with the Argon2 algorithm.

    This defines the memory usage for the implementation of the algorithm.
    Execution time for the algorithm to take the password and make all passes over the memory and protect it.

Parallelization for the number of threads that can compute using the same algorithm

Argon2 is optimized for the x86 and x86_64 architecture. However, there is a minimal slowdown noticed on the older processors. We will certainly value Argon2 for its highest performance and ability to use multiple computational cores to protect tradeoff attacks.

The PHP team has done exceptional job with this and have also changed several functions like password_get_info(), password_verify(), password_hash(), password_needs_rehash().

It is definitely a celebrating moment for PHP Development Firms globally and for PHP Developers for upgrading their PHP version to a fast and much more secure version with the award-winning password hashing algorithms.

We shall look forward to your feedback on if there are any other algorithms that can serve better to PHP 7.2 and how. Please feel free to comment.

Nisarg Mehta - CEO Techtic Solutions Nisarg Mehta

Nisarg Mehta, CEO & Chairman of Techtic Solutions, is the vision of the company. Nisarg is active in operations in his daily routine as he is one of the key decision makers in terms of technological advancements of the company. He is a friendly leader with hardworking, motivating, visionary and passionate personality.

Join over 10,000 people who
love best articles, and tips.

Relevant Blog

Web Development Trends
Nisarg Mehta - CEO Techtic Solutions

14 Web Development Trends You Should Look for in 2023

Published on Nov 23, 2022 by Nisarg Mehta

Contents Front-End Web Development Trends 1. JS 2. Jamstack 3. Mobile-First Approach 4. Headless CMS Architecture 5. Server-Side Rendering 6. PWAs Back-End Web Development Trends […]

Start A Project
Send me this template
Send me this template

Build your next ‘winning’ MVP

in 3 simple steps
  • Identify the real-life problem you’re solving
  • How effective and needed the solution is
  • What features are the must-haves for product launch

Send me this template