In sitting down to expose libsodium's argon2i password hashing function via password_hash(), I discovered two things.
The first is that it doesn't seem to support Argon2id for password storage the way we use it in password_hash(). Bummer, but that's a conversation to have with Frank, and there's nothing we can do about it for the foreseeable future. The second is that crypto_pwhash_str() and crypto_pwhash_str_verify() reject any attempt to use a "time_cost" value less than three. Wanna guess what our default time_cost value is? That's right, it's two. So that's a long winded way of asking, does anyone see an issue with upping the default time cost for argon2 to a higher number? (e.g. "3") This will ensure that the following actually works as expected and doesn't give users confusing result and more importantly, allows us to use sodium to back argon hashing interchangeably with the more lenient libargon. $hash = password_hash("Foo", PASSWORD_ARGON2I); var_dump(sodium_crypto_pwhash_str_verify($hash, "Foo")); // currently FALSE, due to t < 3. The only negative impact is that password hashing becomes a slightly more expensive task. Where "slightly" means 3ms instead of 2ms on my Linux VM running on my 2 core Mac laptop. -Sara