From d12464070460086329e93f632aed2f16daa52600 Mon Sep 17 00:00:00 2001
From: Sara Golemon <pollita@php.net>
Date: Wed, 27 Mar 2019 00:07:55 -0400
Subject: [PATCH] Increase default time cost for argon2 password hashing

---
 NEWS                        | 1 +
 ext/standard/php_password.h | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 24e9ec2182..225c9b6ad7 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ PHP                                                                        NEWS
     (Ryan McCullagh, Nikita)
   . Fixed bug #75921 (Inconsistent: No warning in some cases when stdObj is
     created on the fly). (David Walker)
+  . Increased default time_cost for argon2i(d) password_hash to 3. (Sara)
 
 - COM:
   . Deprecated registering of case-insensitive constants from typelibs. (cmb)
diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h
index ecb34780c7..46ed4f0368 100644
--- a/ext/standard/php_password.h
+++ b/ext/standard/php_password.h
@@ -34,7 +34,7 @@ PHP_MSHUTDOWN_FUNCTION(password);
 
 #if HAVE_ARGON2LIB
 #define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<10
-#define PHP_PASSWORD_ARGON2_TIME_COST 2
+#define PHP_PASSWORD_ARGON2_TIME_COST 3
 #define PHP_PASSWORD_ARGON2_THREADS 2
 #endif
 
-- 
2.50.1