In Symfony 3.4 we added an Argon2i password hasher as a modern replacement of
the Bcrypt hasher. Argon2i support is provided through the libsodium library,
which selects the Argon2 variant (argon2d, argon2i or argon2id) automatically
based on the host system.
Given that the Argon2 variant selection is out of Symfony’s control, in Symfony
4.3 we’ve decided to not add an
Argon2idPasswordEncoder, to deprecate the
Argon2iPasswordEncoder class and to add instead a generic
This new encoder relies on libsodium to select the best possible Argon2 variant.
In practice, the only change you’ll need to make in most of your applications is
to update the name of the hashing algorithm in the main security config file:
1 2 3 4 5 6 7
# config/packages/security.yaml security: # ... encoders: App\Entity\User: - algorithm: argon2i + algorithm: sodium
All the existing Argon2i configuration options are still available under the
sodium algorithm name.
[risorsa: Symfony Blog http://bit.ly/2Gq9O2O ]