Globally PHP is accepted as one of the most enhanced and used server-side scripting languages and there are a plethora of CMS, CRM, Frameworks and more created on this wonderful language. Certainly having a PHP 7.0 with the fastest possible speed was a great deal.
The future seems to be even brighter and secure for PHP. PHP 7.2 is definitely way faster than the 5.X series and kudos to the PHP development team for creating such a sleek version. With that said, speed has been improved, and it’s time for improving security. They have opted for the Argon2 algorithm for password hashing.
Let’s talk about the background of the issues password-hashing algorithms have been facing and how Argon2 accommodates the resolution to the issues.
In 2014 when Password Hashing Competition started there were multiple problems that were being addressed.
The answer to these issues is more or less resolved by the Argon2 algorithm with their state of the art in the design of the memory-hard functions. The algorithm is simplistic and has two versions to address different issues. Argon2i and Argon2d.
Argon2i uses data-independent memory access. It is slower because it makes more passes over the memory to protect from tradeoff attacks. It is highly recommended for password hashing and password-based key derivation.
Argon2d used data-dependent memory access. It is faster is best suited for applications with no threats from side-channel attacks and also offers the highest resistance against GPU cracking attacks.
How are you going to access get benefits of this amazing algorithm using PHP 7.2?
Since PHP has only included the Argon2i version, there is a new constant defined for password hashing.
PASSWORD_ARGON2I
PASSWORD_ARGON2 – Alias of PASSWORD_ARGON2I
Subsequently, there are 3 more constants introduced, which are associated with the Argon2 algorithm.
Parallelization for the number of threads that can compute using the same algorithm
Argon2 is optimized for the x86 and x86_64 architecture. However, there is a minimal slowdown noticed on the older processors. We will certainly value Argon2 for its highest performance and ability to use multiple computational cores to protect tradeoff attacks.
The PHP team has done exceptional job with this and have also changed several functions like password_get_info(), password_verify(), password_hash(), password_needs_rehash().
It is definitely a celebrating moment for PHP Development Firms globally and for PHP Developers for upgrading their PHP version to a fast and much more secure version with the award-winning password hashing algorithms.
We shall look forward to your feedback on if there are any other algorithms that can serve better to PHP 7.2 and how. Please feel free to comment.
Nisarg Mehta, CEO & Chairman of Techtic Solutions, is the vision of the company. Nisarg is active in operations in his daily routine as he is one of the key decision makers in terms of technological advancements of the company. He is a friendly leader with hardworking, motivating, visionary and passionate personality.
Contents Front-End Web Development Trends 1. JS 2. Jamstack 3. Mobile-First Approach 4. Headless CMS Architecture 5. Server-Side Rendering 6. PWAs Back-End Web Development Trends […]