Big +1 from me. Especially moving argon stuff to ext/sodium (removing libargon2 dep. and using libsodium implementation)
A password hashing API should be able to 1) encrypt hashes, 2) provide a way to upgrade hashes without knowing the password, 3) estimate the work factor to refuse parameters way too high for the host. And good to have: 4) support server relief. Hope PHP will do all these some day!
Libhydrogen does 1), 2) and 3), with 4) being worked on. I think this is a big improvement over common password hashing APIs even though it doesn’t prevent servers from seeing cleartext passwords (even with 4)).