Learn about Centmin Mod LEMP Stack today
Register Now

Beta Branch update PHP 7.2 libzip, libsodium & argon2 route

Discussion in 'Centmin Mod Github Commits' started by eva2000, Mar 17, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    33,688
    7,459
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,470
    Local Time:
    1:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    update PHP 7.2 libzip, libsodium & argon2 route

    - For Centmin Mod 123.09beta01 and newer branches, fix PHP 7.2 compiles for libzip + libsodium + argon2 support Beta Branch - Update PHP 7.2. add argon2 password & libsodium support
    - Support is disabled by default as PHP uses embedded libzip zip version. To enable libsodium and argon2 you need to use a newer version of libzip zip library. So to enable set in persistent config file /etc/centminmod/custom_config.inc the variable PHP_LIBZIP='y' and then recompile PHP 7.2 version i.e. 7.2.3 or newer via centmin.sh menu option 5

    Continue reading...

    123.09beta01 branch
     
    • Like Like x 2
  2. eva2000

    eva2000 Administrator Staff Member

    33,688
    7,459
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,470
    Local Time:
    1:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    argon2i support in PHP 7.2.3 with libsodium support for argon2i and argon2id. PHP argon2id native support comes in PHP 7.3+
    Code (Text):
    php -r 'print_r(get_defined_constants());' | grep -i argon
        [PASSWORD_ARGON2I] => 2
        [PASSWORD_ARGON2_DEFAULT_MEMORY_COST] => 1024
        [PASSWORD_ARGON2_DEFAULT_TIME_COST] => 2
        [PASSWORD_ARGON2_DEFAULT_THREADS] => 2
        [SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13] => 1
        [SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13] => 2
        [SODIUM_CRYPTO_PWHASH_STRPREFIX] => $argon2id$
    


    Code (Text):
    checking for Argon2 support... yes
    checking for Argon2 library... found in /usr/local
    checking for argon2_hash in -largon2... yes
    checking for argon2id_hash_raw in -largon2... yes
    

    Code (Text):
    php --ri sodium
    sodium
    
    sodium support => enabled
    libsodium headers version => 1.0.16
    libsodium library version => 1.0.16

    Code (Text):
    php --ri zip
    zip
    
    Zip => enabled
    Zip version => 1.15.2
    Libzip headers version => 1.5.0
    Libzip library version => 1.5.0
    

    Code (Text):
    ldd $(which php) | grep zip
            libzip.so.5 => /usr/local/lib64/libzip.so.5 (0x00007f586526e000)
    
     
  3. eva2000

    eva2000 Administrator Staff Member

    33,688
    7,459
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,470
    Local Time:
    1:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    quick test of argon2i password hashes
    PHP:
    <?php
    $password 
    'test';
    $hash password_hash($passwordPASSWORD_ARGON2I);
    var_dump($hash);
    Code (Text):
    php -f test.php
    string(95) "$argon2i$v=19$m=1024,t=2,p=2$b0d2clhJNUJnWlMvNFg2Sg$U1oy5Kb2vQFAGvIg4bIBS3Eg16OZl9heMfMP4vXnbd0"

    outputted hash string contains 5 sub-string parts, separated by dollar $ sign
    Code (Text):
    php -f test.php 2>&1 | sed -e 's|\$|\n\$|g' -e 's|"$||' | sed -e '/string/d'
    $argon2i
    $v=19
    $m=1024,t=2,p=2
    $QUdRYlRvNm0uRGpxOG8vdA
    $kM5qScosnKsXePWpV8F0XcirKHhFj56WBtyjoGCe0RE
    

    1. first part is the algorithm name (argon2i)
    2. second is the Argon2i version
    3. third part is a list of algorithm parameters related to memory cost (in Kb), time cost, and threads to be used (parallelism).
    4. fourth parameter is the random salt value, encoded in Base64. This value is generated with bypassword_hash() using a random value for each execution. This is why there's different hash outputs for the same input string. The default size of the salt is 16 bytes.
    5. fifth and last parameter of the string contains the hash value, encoded in Base64. The hash size is 32 bytes.
     
..