FS#56587 - [php] 7.2 argon password hashing not available

Attached to Project: Arch Linux
Opened by Stefan Stojanovic (sstojanovic) - Tuesday, 05 December 2017, 12:08 GMT
Last edited by Pierre Schmitz (Pierre) - Tuesday, 30 January 2018, 18:43 GMT
Task Type Feature Request
Category Packages: Extra
Status Closed
Assigned To Pierre Schmitz (Pierre)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:

Can't use argon hashing algorithm for password_hash() in php 7.2.

Tested on Debian and Fedora with same configuration, and it's working there.
Used https://rpms.remirepo.net/
https://deb.sury.org/

Additional info:
* php 7.2.0-1
* config and/or log files etc.


Steps to reproduce:

$ php -a
> echo password_hash('test', PASSWORD_ARGON2I);
# or simply
> echo PASSWORD_ARGON2I;

# getting this response
PHP Warning: Use of undefined constant PASSWORD_ARGON2I - assumed 'PASSWORD_ARGON2I' (this will throw an Error in a future version of PHP) in php shell code on line 1
PASSWORD_ARGON2I
This task depends upon

Closed by  Pierre Schmitz (Pierre)
Tuesday, 30 January 2018, 18:43 GMT
Reason for closing:  Implemented
Additional comments about closing:  in version 7.2.2-1
Comment by Pierre Schmitz (Pierre) - Tuesday, 05 December 2017, 17:24 GMT
That would add a dependency to the argon2 package which is in [community].
Comment by Stefan Stojanovic (sstojanovic) - Tuesday, 05 December 2017, 17:42 GMT
Ok, but that's one of the most advertised feature of new PHP 7.2,
first programming language with next-get password hashing they said :)

So it would be nice to have that feature.
Comment by Thomas Vercruysse (TVercruysse) - Tuesday, 05 December 2017, 21:52 GMT
Pierre is right, this should be a seperate package called php-argon2 or something similar.

@sstojanovic just compile from source with --with-password-argon2 until it is available, thats what i do too.

Edit: I'd like to reconsider my stand towards this issue, all other repo's include --with-password-argon2 since this is a main improvement in php 7.2 so i think its best to include so in arch as wel.
Also the argon2 package in community is not responsible for the hashing function in php. (i tested this with another distro where i did not had the argon2 package installed yet the hashing worked out of the box)
Comment by Thomas Vercruysse (TVercruysse) - Thursday, 04 January 2018, 20:44 GMT
Still an issue in latest version (7.2.1-1)

the only change in PKGBUILD would be '--add-password-argon2 \'

i wont even check the repo anymore and will be compiling from source.
Arch is the only distro out there not including it. What is happening ¯\_(ツ)_/¯

Loading...