libsodium’s default password hashing algorithm is likely to become Argon2id. Don’t assume that crypto_pwhash_ALG_DEFAULT is a constant.
-
-
Replying to @jedisct1
Is there a high level API that can handle re-hashing on next use, or nested algorithms? for adaptable pw stores.
2 replies 0 retweets 0 likes -
Replying to @colmmacc
There’s no such API. Not sure that it would be useful. Passwords hashed using Argon2i and decent parameters remain totally fine.
1 reply 1 retweet 2 likes -
I assume crypto_pwhash_verify will be able to handle both then? :)
1 reply 0 retweets 0 likes
Replying to @CiPHPerCoder @colmmacc
Of course, since the algorithm is encoded in the string. This will be completely transparent.
7:09 AM - 29 Mar 2017
0 replies
0 retweets
2 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.