Laravel 5.6 will Support the Argon2i Password Hashing Algorithm

Laravel 5.6 will Support the Argon2i Password Hashing Algorithm

In 2013, cryptographers and security practitioners around the world came together to create an open Password Hashing Competition (PHC) with the goal of selecting one or more password hash functions to be recognized as a recommended standard.

On July 20th, 2015 Argon2 that was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg was selected as the final PHC winner. Argon2 comes in the following three versions:

  • Argon2d maximizes resistance to GPU cracking attacks.
  • Argon2i is optimized to resist side-channel attacks. It accesses the memory array in a password independent order.
  • Argon2id is a hybrid version. It follows the Argon2i approach for the first pass over memory and the Argon2d approach for subsequent passes.

With the release of PHP 7.2 in November of 2017, PHP now includes functions for both the 2d and i version. However, the 2d is not suitable for password hashing.

Laravel 5.6 that is due out next month will now feature Argon2i password hashing support thanks to Michael Lundbøl, and you can find out how it’s implemented through the following pull request.

The old style of bcrypt will continue to be supported and will remain the default, but if you are starting a new project then it might be worth considering using the Argon2i driver once Laravel 5.6 officially makes it release.

Filed in: Laravel 5.6 / Authentication


Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Web Application Developer
Independence, Ohio or Remote - US Based Only
Hurricane Labs
Graduate / Junior PHP Developer
Leamington Spa, Warwick
Laravel Developer
Remote - US only
Web Application Developer
Cleveland, OH
PS Lifestyle
Full-Stack Developer
Tampa, FL / Remote
Nu Image Medical
PHP Developer
Full-Stack Developer
Sioux Falls, SD or Remote
Electric Pulp