authorSara Golemon <pollita@php.net>2019-03-27 00:07:55 -0400
committerSara Golemon <pollita@php.net>2019-03-27 00:36:19 -0400
commitd12464070460086329e93f632aed2f16daa52600 (patch)
tree4d6e8aaac3ba5c9b7f520436279dc060e8ce2195
parentf177a2ac586124374e13b93da0c0b9e0e4980ff6 (diff)
downloadphp-git-d12464070460086329e93f632aed2f16daa52600.tar.gz
Increase default time cost for argon2 password hashing
-rw-r--r--NEWS1
-rw-r--r--ext/standard/php_password.h2
2 files changed, 2 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 24e9ec2182..225c9b6ad7 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ PHP NEWS
(Ryan McCullagh, Nikita)
. Fixed bug #75921 (Inconsistent: No warning in some cases when stdObj is
created on the fly). (David Walker)
+ . Increased default time_cost for argon2i(d) password_hash to 3. (Sara)
- COM:
. Deprecated registering of case-insensitive constants from typelibs. (cmb)
diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h
index ecb34780c7..46ed4f0368 100644
--- a/ext/standard/php_password.h
+++ b/ext/standard/php_password.h
@@ -34,7 +34,7 @@ PHP_MSHUTDOWN_FUNCTION(password);
#if HAVE_ARGON2LIB
#define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<10
-#define PHP_PASSWORD_ARGON2_TIME_COST 2
+#define PHP_PASSWORD_ARGON2_TIME_COST 3
#define PHP_PASSWORD_ARGON2_THREADS 2
#endif
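Review bot: The new `#define PHP_PASSWORD_ARGON2_TIME_COST 3` raises only the pass count, while `PHP_PASSWORD_ARGON2_MEMORY_COST` on the context line above stays at `1<<10`, and nothing in the header records the units or why these defaults were chosen. If that value is in KiB, as it is in the argon2 library, the default is still 1 MiB, so the memory-hardness that Argon2 mainly relies on is not improved by this commit and may deserve a follow-up. I would add a comment above the three defines such as `/* Argon2 defaults: memory cost in KiB, time cost in passes, threads = lanes; changing them presumably makes password_needs_rehash() flag hashes created with the old defaults */`. Separately, the unchanged `1<<10` is unparenthesized, so `(1<<10)` would be safer wherever the macro is used inside a larger expression.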