libsodium’s default password hashing algorithm is likely to become Argon2id. Don’t assume that crypto_pwhash_ALG_DEFAULT is a constant.
A function to extract the algorithm ID from the string-encoded hash could be a useful addition, though.
-
wdyt of a function that would take the username, a mac-key, and can re-hash passwords when upgrading alg? also mac(username, pw).
-
mac to avoid password substitution attacks across users, built-in upgrade to support agility. Overall less foot-gun-y.
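An added example of the helper suggested in this thread, not code from any participant or from libsodium: it reads the algorithm ID and cost parameters from an Argon2 encoded hash string and reports whether the stored hash should be upgraded. The function names, the struct and the sample strings are assumptions made for illustration; the enum copies the values libsodium assigns to `crypto_pwhash_ALG_ARGON2I13` and `crypto_pwhash_ALG_ARGON2ID13`.

```c
#include <stdio.h>
#include <string.h>

/* Same values libsodium gives crypto_pwhash_ALG_ARGON2I13 and
 * crypto_pwhash_ALG_ARGON2ID13, copied so this builds without libsodium. */
enum { ALG_UNKNOWN = -1, ALG_ARGON2I13 = 1, ALG_ARGON2ID13 = 2 };

struct pwhash_info { int alg; unsigned long mem_kib, ops, lanes; };

/* Constructed sample strings: the salt and hash fields are placeholders. */
const char SAMPLE_I[]  = "$argon2i$v=19$m=32768,t=4,p=1$c2FsdA$aGFzaA";
const char SAMPLE_ID[] = "$argon2id$v=19$m=65536,t=2,p=1$c2FsdA$aGFzaA";

/* Hypothetical helper: read algorithm and cost parameters from the header
 * of an encoded hash. Returns 0 on success, -1 if the string is not a
 * recognised Argon2 v=19 encoding. */
int pwhash_str_info(const char *str, struct pwhash_info *out)
{
    unsigned int version = 0;
    int consumed = 0;
    const char *p;

    out->alg = ALG_UNKNOWN;
    if (strncmp(str, "$argon2id$", 10) == 0) {
        out->alg = ALG_ARGON2ID13; p = str + 10;
    } else if (strncmp(str, "$argon2i$", 9) == 0) {
        out->alg = ALG_ARGON2I13; p = str + 9;
    } else {
        return -1;
    }
    /* %n is only stored if the '$' that ends the parameter field matched. */
    if (sscanf(p, "v=%u$m=%lu,t=%lu,p=%lu$%n", &version, &out->mem_kib,
               &out->ops, &out->lanes, &consumed) != 4
        || consumed == 0 || version != 19) {
        out->alg = ALG_UNKNOWN;
        return -1;
    }
    return 0;
}

/* Hypothetical helper: the algorithm ID alone, or ALG_UNKNOWN. */
int pwhash_str_alg(const char *str)
{
    struct pwhash_info info;
    pwhash_str_info(str, &info);
    return info.alg;
}

/* 1 = re-hash at next successful login, 0 = matches policy, -1 = unparseable. */
int pwhash_needs_upgrade(const char *str, int alg, unsigned long mem_kib,
                         unsigned long ops)
{
    struct pwhash_info info;
    if (pwhash_str_info(str, &info) != 0) return -1;
    return info.alg != alg || info.mem_kib != mem_kib || info.ops != ops;
}
```

This only inspects the header; checking the password itself still goes through `crypto_pwhash_str_verify()`. Current libsodium releases provide `crypto_pwhash_str_needs_rehash()` for the upgrade check.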