Enhanced Cryptography Features

In an effort to prevent developers from using cryptographic functions in an insecure or even broken way, the three hashing functions hash_hmac(), hash_hmac_file() as well as hash_pbkdf2() no longer accept non-cryptographic hashes.

As of PHP 7.1.2, a new hash function, hash_hkdf(), is available to derive key material from a supplied input key using HKDF. It can be used to create keys suitable for encrypt-then-HMAC scenarios that use AES-256 for encryption and SHA-256 for authentication.
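The following sketch is an added example, not code from the book: it derives separate encryption and authentication keys from one input key with hash_hkdf() and uses them for encrypt-then-HMAC. The function names, the "info" labels, the choice of CBC mode and the message layout (salt, IV, ciphertext, tag) are assumptions made for illustration.

```php
<?php
// Added example; names, "info" labels and layout (salt|IV|ciphertext|tag) are assumptions.
// The HKDF "info" parameter keeps the two derived 32-byte keys independent.

function deriveKeys(string $masterKey, string $salt): array
{
    return [
        hash_hkdf('sha256', $masterKey, 32, 'example-encryption', $salt),
        hash_hkdf('sha256', $masterKey, 32, 'example-authentication', $salt),
    ];
}

function seal(string $plaintext, string $masterKey): string
{
    $salt = random_bytes(32);
    $iv = random_bytes(16);
    [$encKey, $macKey] = deriveKeys($masterKey, $salt);
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    $body = $salt . $iv . $ct;
    // The tag covers salt, IV and ciphertext, so none can be altered unnoticed.
    return $body . hash_hmac('sha256', $body, $macKey, true);
}

function unseal(string $message, string $masterKey): string
{
    if (strlen($message) < 96) { // 32 salt + 16 IV + one AES block + 32 tag
        throw new RuntimeException('Message too short');
    }
    $body = substr($message, 0, -32);
    [$encKey, $macKey] = deriveKeys($masterKey, substr($body, 0, 32));
    // Verify the tag in constant time before touching the ciphertext.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), substr($message, -32))) {
        throw new RuntimeException('Authentication failed');
    }
    $pt = openssl_decrypt(substr($body, 48), 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, substr($body, 32, 16));
    if ($pt === false) {
        throw new RuntimeException('Decryption failed');
    }
    return $pt;
}

$key = random_bytes(32);                        // constructed sample key
$sealed = seal('constructed sample message', $key);
var_dump(unseal($sealed, $key) === 'constructed sample message');
$sealed[50] = $sealed[50] ^ "\x01";             // flip one ciphertext bit
try { unseal($sealed, $key); } catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
```

The unmodified message round-trips, while the message with a flipped bit is rejected at the HMAC check before any decryption is attempted.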

PHP 7.2 comes bundled with the Sodium cryptographic library (libsodium). libsodium is a modern and relatively easy-to-use software library for encryption, decryption, signatures, and password hashing.

Explaining all its powerful features and, at least to some extent, the required cryptographic principles behind them is, unfortunately, way beyond the scope of this book.

Luckily, very thorough documentation for the sodium extension can be found online at https://paragonie.com/book/pecl-libsodium.