password_hash()/password_verify() functions should support yescrypt #12911
Assignees
Labels
Comments
|
This is a reasonable feature request. Just needs someone to create the PR... :) |
|
FWIW, I've started working on this. So far I locally have added support for yescrypt in our crypt() handler when using non-system crypt(). Next up is adding support in password_hash (which uses crypt() for handling the hashes). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Many Linux distributions are moving towards using the yescrypt hash function as a modern hash function for system authentication (it's the default in latest versions of Fedora, Debian, Ubuntu).
PHP's password_hash()/password_verify() functions currently do not support yescrypt. It can be used with crypt() when php is compiled with --with-external-libcrypt which is currently not the default. However, the semantics of crypt() are complicated, and the docs for the crypt() function encourage the use of password_hash(). Therefore, it'd be good if password_hash() would support yescrypt.
The text was updated successfully, but these errors were encountered: