Migrate password algorithm
Migrate legacy passwords to the latest hash algorithms.
In order to protect passwords, it is recommended to store them using the latest hash algorithms. This means that if a better hash algorithm is supported on your system, the user's password should be rehashed using the newer algorithm and stored.
Password algorithm
Supported values are: ``bcrypt`` (default), ``sodium``, ``argon2i``, ``argon2id``
|Algorithm|Description|
|---------|---------|
|**bcrypt**|It produces hashed passwords with the bcrypt password hashing function. Hashed passwords are 60 characters long, so make sure to allocate enough space for them to be persisted. |
|**sodium**|It uses the Argon2 key derivation function. Argon2 support was introduced in PHP 7.2 by bundling the libsodium extension. Hashed passwords are 96 characters long, but this may change in the future, so make sure to allocate enough space for them to be persisted.|
|**argon2i**|Use the Argon2i hashing algorithm to create the hash. This algorithm is only available if PHP has been compiled with Argon2 support.|
|**argon2id**|Use the Argon2id hashing algorithm to create the hash. This algorithm is only available if PHP has been compiled with Argon2 support.|
Password cost (4-31)
The algorithmic cost, it is an integer in the range of 4-31 (by default, 13). Each single increment of the cost doubles the time it takes to hash a password. It's designed this way so the password strength can be adapted to the future improvements in computation power.
Password time cost (>=3)
For ``argon2i`` or ``argon2id`` only. Maximum amount of time it may take to compute the Argon2 hash. Value must be >=3, default is 4.
Password memory cost (kibibytes) (>=10)
For ``argon2i`` or ``argon2id`` only. Maximum memory (in kibibytes) that may be used to compute the Argon2 hash. Value must be >=10, default is 64.