What PHP 7.2 Brings: Argon2i Hashing, libsodium, and Key Improvements

PHP is often called “the world’s best language,” and many developers love it; the author is a fan and highlights the new features introduced in PHP 7.2.

Security improvements

PHP 7.2 deprecates the insecure sha1() and md5() functions and encourages the use of password_hash('password', PASSWORD_ARGON2I). The Argon2i algorithm also supports custom options:

$options = [
    'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
    'time_cost'   => PASSWORD_ARGON2_DEFAULT_TIME_COST,
    'threads'     => PASSWORD_ARGON2_DEFAULT_THREADS,
];
password_hash('password', PASSWORD_ARGON2I, $options);

The Argon2i algorithm addresses previous hashing weaknesses by requiring higher memory usage.

libsodium is now bundled as a core extension, providing modern cryptographic primitives.

mcrypt removal

The mcrypt extension has been removed because it hindered PHP’s evolution.

Improvements to SSL/TLS constants have also been added.

Language feature enhancements

Calling count() on a scalar now triggers a warning. PHP 7.2 introduces the object type hint for parameters and return types.

The hash extension now uses a HashContext object instead of a resource.

Issues with numeric string keys in arrays and objects have been fixed: keys are automatically cast to the appropriate type, eliminating access problems.