From: Christoph M. Becker <cmbecker69@gmx.de>
Date: Thu, 8 Sep 2016 17:59:21 +0000 (+0200)
Subject: Update UPGRADING wrt. [RFC]: Add Argon2 to password_*
X-Git-Tag: php-7.2.0alpha1~1314
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8bea911f79dbd63e04586d26b82fe6e1fa5c0422;p=php

Update UPGRADING wrt. [RFC]: Add Argon2 to password_*
---

diff --git a/UPGRADING b/UPGRADING
index d61280a94f..d15c4c922f 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -32,6 +32,10 @@ PHP 7.2 UPGRADE NOTES
 - PCRE:
   . Added `J` modifier for setting PCRE_DUPNAMES.
 
+- Standard:
+  . Simplified password hashing API updated to support Argon2i hashes when PHP is compiled with libargon2
+    (https://wiki.php.net/rfc/argon2_password_hash).
+
 ========================================
 3. Changes in SAPI modules
 ========================================
@@ -44,6 +48,14 @@ PHP 7.2 UPGRADE NOTES
 5. Changed Functions
 ========================================
 
+- Standard:
+  . password_hash() can generate Argon2i hashes when the algorithm is set to PASSWORD_ARGON2I. 
+    When using PASSWORD_ARGON2I, the following cost factors may be set: 'memory_cost', 'time_cost', 
+    and 'threads'. These cost factors will default to 'PASSWORD_ARGON2_DEFAULT_MEMORY_COST', 
+    'PASSWORD_ARGON2_DEFAULT_TIME_COST', and 'PASSWORD_ARGON2_DEFAULT_THREADS' respectively if not set.
+  . password_verify() can verify Argon2i hashes.
+  . password_get_info() and password_needs_rehash() can accept Argon2i hashes.
+
 ========================================
 6. New Functions
 ========================================
@@ -82,6 +94,12 @@ PHP 7.2 UPGRADE NOTES
 10. New Global Constants
 ========================================
 
+- Standard:
+  . PASSWORD_ARGON2_DEFAULT_MEMORY_COST
+  . PASSWORD_ARGON2_DEFAULT_TIME_COST
+  . PASSWORD_ARGON2_DEFAULT_THREADS
+  . PASSWORD_ARGON2I
+
 ========================================
 11. Changes to INI File Handling
 ========================================