-
-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not installable without ARGON2 support #122
Comments
Hm, i thought ext-sodium ( which is required by this library ) + php >= 7.4 would mean argon is enabled by default ( https://wiki.php.net/rfc/sodium.argon.hash ) 🤔 what method did you use to install PHP? are you building it yourself? |
it doesn't come with sodium, no. |
i've recompiled anyway, so feel free to close. |
This definitely needs to be handled in a nicer way, i will leave it open until i figure out how to do so. However, the official PHP build should contain support for argon2 if it contains sodium extension, so this is probably an issue that only people compiling their own PHP binaries will face. |
This is hitting me on CI and re/building PHP is not something I would want to do unless I really need argon2. |
i will try finding a fix later this week, as for now, PRs are welcome :) |
Is that a thing though? I thought PHP project did not provide any builds whatsoever apart from their Windows builds. And distro builds can vary a lot. |
no, you can find tarballs here: https://www.php.net/downloads tho, i personally build my own binaries but with all almost all options enabled. |
Tarballs are not builds, so that actually a 'yes' 😉 |
ah, yea. but i still can't figure out how people compile PHP with ext-sodium ( which is required in composer.json ), but without argon2, since PHP 7.4, ext-sodium provides a fallback mechanism for argon2 when PHP is compiled without libargon ( RFC: https://wiki.php.net/rfc/sodium.argon.hash ) |
okay, it seems PHP does this only with libsodium newer than 9.6 ( https://github.com/php/php-src/pull/4012/files#diff-3fe4027560fd299248af1dc1efe04287cc2b6418e8f01755c05c9db64b668b1eR646-R650 ), so now i'm wonder if require ext-sodium ^9.2 is really a good solution here... |
In my case it turned out I was using different PHP binaries for installation and run time (phpenv can cause funny problems sometimes), so it's no longer an issue for me. |
This issue has been fixed in 2.0.0, fixing it in 1.9 will result in BC breaks, so there's nothing can be done. |
Thanks for all comments I have an idea: In base of this post Link
if(defined('PASSWORD_ARGON2ID')) {
$hash = password_hash('password123', PASSWORD_ARGON2ID, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));
} else {
$hash = password_hash('password123', PASSWORD_DEFAULT, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));
} so if change the
all the process for the new version pass the all the test in the code? it's only an idea :D |
Is your feature request related to a problem? Please describe.
Hi there,
This library is not install-able unless argon2 support has been compiled into php.
Otherwise, we will receive:
Describe the solution you'd like
Would you be open to conditionally supporting the argon2 password hashing, only if argon 2 support is available?
I want to use the iter/arr methods of this library - i don't really care about not having argon2 support.
Describe alternatives you've considered
compile in argon2 support before requiring psl.
The text was updated successfully, but these errors were encountered: