]> granicus.if.org Git - php/commitdiff
Increase default time cost for argon2 password hashing
authorSara Golemon <pollita@php.net>
Wed, 27 Mar 2019 04:07:55 +0000 (00:07 -0400)
committerSara Golemon <pollita@php.net>
Wed, 27 Mar 2019 04:36:19 +0000 (00:36 -0400)
NEWS
ext/standard/php_password.h

diff --git a/NEWS b/NEWS
index 24e9ec2182d82026998b9d2000d93acb140dcf1d..225c9b6ad7fb5c9c2d9f0b0618dbf6ec52ceb2d8 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ PHP                                                                        NEWS
     (Ryan McCullagh, Nikita)
   . Fixed bug #75921 (Inconsistent: No warning in some cases when stdObj is
     created on the fly). (David Walker)
+  . Increased default time_cost for argon2i(d) password_hash to 3. (Sara)
 
 - COM:
   . Deprecated registering of case-insensitive constants from typelibs. (cmb)
index ecb34780c70a61adbbd75cfddd94d92ab67dfa60..46ed4f036826f8cb1f1de11aca34e196893ac5bd 100644 (file)
@@ -34,7 +34,7 @@ PHP_MSHUTDOWN_FUNCTION(password);
 
 #if HAVE_ARGON2LIB
 #define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<10
-#define PHP_PASSWORD_ARGON2_TIME_COST 2
+#define PHP_PASSWORD_ARGON2_TIME_COST 3
 #define PHP_PASSWORD_ARGON2_THREADS 2
 #endif