Sodium is a more modern alternative to OpenSSL and mcrypt, designed from the start to be resistant to timing attacks, and included in PHP 7.2 by default (while OpenSSL and mcrypt are separate modules). We should make sure MediaWiki makes use of it when it is available and OpenSSL is not.
- Session::setSecret()
- EncryptedPassword