The future seems to be even brighter and secure for PHP. PHP 7.2 is definitely way faster than the 5.X series and kudos to PHP development team for creating such a sleek version. With that said, speed has been improved and its time for improving the security. They have opted for Argon2 algorithm for password hashing.
Let’s talk about the background of the issues password-hashing algorithms have been facing and how Argon2 accommodates the resolution to the issues.
In 2014 when Password Hashing Competition started there were multiple problems that were being addressed.
The answer to these issues is more or less resolved by Argon2 algorithm with their state of the art in the design of the memory-hard functions. The algorithm is simplistic and has two versions to address different issues. Argon2i and Argon2d.
Argon2i uses data-independent memory access. It is slower because it makes more passes over the memory to protect from trade off attacks. It is highly recommended for password hashing and password-based key derivation.
Argon2d used data dependent memory access. It is faster is best suited for applications with no threats from side-channel attacks and also offers highest resistance against GPU cracking attacks.
How are you going to access get benefits of this amazing algorithm using PHP 7.2?
Since PHP has only included Argon2i version, there is a new constant defined for password hashing.
PASSWORD_ARGON2 – Alias of PASSWORD_ARGON2I
Subsequently there are 3 more constants introduced, which are associated with Argon2 algorithm.
Parallelization for the number of threads that can compute using the same algorithm
Argon2 is optimized for the x86 and x86_64 architecture. However, there is a minimal slowdown noticed on the older processors. We will certainly value Argon2 for its highest performance and ability to use multiple computational cores to protect tradeoff attacks.
The PHP team has done exceptional job with this and have also changed several functions like password_get_info(), password_verify(), password_hash(), password_needs_rehash().
It is definitely a celebrating moment for PHP Development Firms globally and for PHP Developers for upgrading their PHP version to a fast and much more secure version with the award-winning password hashing algorithms.
We shall look forward to your feedback on if there are any other algorithms which can server better to PHP 7.2 and how. Please feel free to comment.
Nisarg Mehta, CEO & Chairman of Techtic Solutions, is the vision of the company. Nisarg is active in operations in his daily routine as he is one of the key decision makers in terms of technological advancements of the company. He is a friendly leader with hardworking, motivating, visionary and passionate personality.
Did you know that back in 2019 – way before the onset of a global pandemic – over 52% of consumers revealed that they would […]
Please share your contact information, for us to connect with you and offer you a free discovery session about your digital product.