libsodium’s default password hashing algorithm is likely to become Argon2id. Don’t assume that crypto_pwhash_ALG_DEFAULT is a constant.
Is there a high-level API that can handle re-hashing on next use, or nested algorithms, for adaptable pw stores?
A function to extract the algorithm ID from the string-encoded hash could be a useful addition, though.
wdyt of a function that would take the username, a mac-key, and can re-hash passwords when upgrading alg? also mac(username, pw).
There’s no such API. Not sure that it would be useful. Passwords hashed using Argon2i and decent parameters remain totally fine.
I assume crypto_pwhash_verify will be able to handle both then? :)