Argon2 is a new-generation key derivation algorithm that was designed to resist side-channel (i variants) and GPU brute force (d variants), unlike our current PBKDF2. Now that we have Argon2 support in core, we should talk about protecting our users with it.
- Argon2i requires PHP 7.2
- Argon2id requires PHP 7.3
We need to determine whether we want to wait for PHP 7.3 to get Argon2id, and determine algorithm parameters (memory cost, time cost and thread count).