In sitting down to expose libsodium's argon2i password hashing function via
password_hash(), I discovered two things.
The first is that it doesn't seem to support Argon2id for password storage
the way we use it in password_hash(). Bummer, but that's a conversation to
have with Frank, and there's nothing we can do about it for the foreseeable
future.
The second is that crypto_pwhash_str() and crypto_pwhash_str_verify()
reject any attempt to use a "time_cost" value less than three. Wanna guess
what our default time_cost value is? That's right, it's two.
So that's a long winded way of asking, does anyone see an issue with upping
the default time cost for argon2 to a higher number? (e.g. "3") This will
ensure that the following actually works as expected and doesn't give users
confusing result and more importantly, allows us to use sodium to back
argon hashing interchangeably with the more lenient libargon.
$hash = password_hash("Foo", PASSWORD_ARGON2I);
var_dump(sodium_crypto_pwhash_str_verify($hash, "Foo")); // currently
FALSE, due to t < 3.
The only negative impact is that password hashing becomes a slightly more
expensive task. Where "slightly" means 3ms instead of 2ms on my Linux VM
running on my 2 core Mac laptop.
-Sara
