libsodium’s default password hashing algorithm is likely to become Argon2id. Don’t assume that crypto_pwhash_ALG_DEFAULT is a constant.
wdyt of a function that would take the username, a mac-key, and can re-hash passwords when upgrading alg? also mac(username, pw).
mac to avoid password substitution attacks across users, built-in upgrade to support agility. Overall less foot-gun-y.
That would be useful indeed, along with the ability to encrypt salts and hashes. Gonna see if I can design a unified API for this.