password_hash()/password_verify() functions should support yescrypt

[hannob]

Description

Many Linux distributions are moving towards using the yescrypt hash function as a modern hash function for system authentication (it's the default in latest versions of Fedora, Debian, Ubuntu).

PHP's password_hash()/password_verify() functions currently do not support yescrypt. It can be used with crypt() when php is compiled with --with-external-libcrypt which is currently not the default. However, the semantics of crypt() are complicated, and the docs for the crypt() function encourage the use of password_hash(). Therefore, it'd be good if password_hash() would support yescrypt.

[bukka]

This is a reasonable feature request. Just needs someone to create the PR... :)

[nielsdos]

FWIW, I've started working on this. So far I locally have added support for yescrypt in our crypt() handler when using non-system crypt(). Next up is adding support in password_hash (which uses crypt() for handling the hashes).