PHP 7.2 is planned to be released on 30th November 2017. And it comes with two new security features in the core, several smaller improvements and some language legacy clean-ups. In the article, I will describe what the improvements and changes are. I read the RFCs, discussions on internals and PRs on Github, so you don’t have to.
The two security-related features are Argon2 Password Hashing and the integration of Libsodium as a core extension.
- The Zend Framework Website sports a nice and short article on How to protect passwords with Argon2 in PHP 7.2.
- The Paragon Initiative has an extended guide on Using Libsodium in PHP Projects (*)
(*) Using the “old” version of the extension, meaning you’ll have to rename some functions and constants to get it working.