Not installable without ARGON2 support about psl HOT 14 CLOSED

In my case it turned out I was using different PHP binaries for installation and run time (phpenv can cause funny problems sometimes), so it's no longer an issue for me.

from psl.

Thanks for all comments I have an idea:

In base of this post Link

This algorithm is only available if PHP has been compiled with Argon2 support. - password_hash

If you want to use it whenever it is available, I would recommend to check with defined or else fallback to a default algorithm.

if(defined('PASSWORD_ARGON2ID')) {
    $hash = password_hash('password123', PASSWORD_ARGON2ID, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));
} else {
    $hash = password_hash('password123', PASSWORD_DEFAULT, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));
}

so if change the PASSWORD_ARGON2ID to PASSWORD_DEFAULT in the file:

azjezz/psl/src/Psl/Password/constants.php

all the process for the new version pass the all the test in the code?

it's only an idea :D

from psl.

Hm, i thought ext-sodium ( which is required by this library ) + php >= 7.4 would mean argon is enabled by default ( https://wiki.php.net/rfc/sodium.argon.hash ) 🤔

what method did you use to install PHP? are you building it yourself?

from psl.

it doesn't come with sodium, no.
php needs to be compiled with --with-password-argon2 which i'm doing with https://phpbrew.github.io/phpbrew/

from psl.

i've recompiled anyway, so feel free to close.
but it may be nice to handle this failure a bit more nicely than a fatal

from psl.

This definitely needs to be handled in a nicer way, i will leave it open until i figure out how to do so.

However, the official PHP build should contain support for argon2 if it contains sodium extension, so this is probably an issue that only people compiling their own PHP binaries will face.

from psl.

This is hitting me on CI and re/building PHP is not something I would want to do unless I really need argon2.

from psl.

i will try finding a fix later this week, as for now, PRs are welcome :)

from psl.

However, the official PHP build should contain support for argon2

Is that a thing though? I thought PHP project did not provide any builds whatsoever apart from their Windows builds. And distro builds can vary a lot.

from psl.

thought PHP project did not provide any builds whatsoever apart from their Windows builds.

no, you can find tarballs here: https://www.php.net/downloads

tho, i personally build my own binaries but with all almost all options enabled.

from psl.

no, you can find tarballs

Tarballs are not builds, so that actually a 'yes' 😉

from psl.

ah, yea.

but i still can't figure out how people compile PHP with ext-sodium ( which is required in composer.json ), but without argon2, since PHP 7.4, ext-sodium provides a fallback mechanism for argon2 when PHP is compiled without libargon ( RFC: https://wiki.php.net/rfc/sodium.argon.hash )

from psl.

okay, it seems PHP does this only with libsodium newer than 9.6 ( https://github.com/php/php-src/pull/4012/files#diff-3fe4027560fd299248af1dc1efe04287cc2b6418e8f01755c05c9db64b668b1eR646-R650 ), so now i'm wonder if require ext-sodium ^9.2 is really a good solution here...

from psl.

This issue has been fixed in 2.0.0, fixing it in 1.9 will result in BC breaks, so there's nothing can be done.

from psl.