Hi

On 9/6/23 21:33, Vinicius Dias wrote:
> This is very interesting. It's the first time I see recommendations
> pro Bcrypt and against Argon2. Even OWASP recommends Argon2 over
> Bcrypt [1].
>
> I am not a cryptography expert so I believe that if there is a
> discussion of which one is better PHP shouldn't change things for now,
> so that totally answers the question of why the default is still
> bcrypt.


There is some opportunity for change or improvement. As a result of this thread I've created an "Increasing the default BCrypt cost" RFC. I'd be happy to see you within that RFC's discussion thread [1].

Best regards
Tim Düsterhus

[1] https://news-web.php.net/php.internals/121004

--
PHP Internals - PHP Runtime Development Mailing List