Laravel 5.6 will Support the Argon2i Password Hashing Algorithm

Laravel 5.6 will Support the Argon2i Password Hashing Algorithm

In 2013, cryptographers and security practitioners around the world came together to create an open Password Hashing Competition (PHC) with the goal of selecting one or more password hash functions to be recognized as a recommended standard.

On July 20th, 2015 Argon2 that was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg was selected as the final PHC winner. Argon2 comes in the following three versions:

  • Argon2d maximizes resistance to GPU cracking attacks.
  • Argon2i is optimized to resist side-channel attacks. It accesses the memory array in a password independent order.
  • Argon2id is a hybrid version. It follows the Argon2i approach for the first pass over memory and the Argon2d approach for subsequent passes.

With the release of PHP 7.2 in November of 2017, PHP now includes functions for both the 2d and i version. However, the 2d is not suitable for password hashing.

Laravel 5.6 that is due out next month will now feature Argon2i password hashing support thanks to Michael Lundbøl, and you can find out how it’s implemented through the following pull request.

The old style of bcrypt will continue to be supported and will remain the default, but if you are starting a new project then it might be worth considering using the Argon2i driver once Laravel 5.6 officially makes it release.

Filed in: Laravel 5.6 / Authentication

Newsletter

Join 31,000+ others and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Senior Laravel Developer
Remote
FPV Exchange
Senior Full-Stack Developer
Remote, USA Only
Givebutter
Full Stack Web Developer
Greenville, TX (or Remote, US)
Innovation First International, Inc.
Senior Software Developer
UK/Germany Only
The Greenhouse People Ltd
Senior PHP Developer
Cary, NC
INE