JsCommunity / hashy

Hash passwords the right way (Argon2 & bcrypt support)
MIT License

Repo description is misleading #29

Closed: NullVoxPopuli closed this issue 6 years ago

NullVoxPopuli commented 6 years ago

Currently, the description is "Hash passwords the right way (Argon2 & bcrypt support)"

see: https://crackstation.net/hashing-security.htm

Also,

julien-f commented 6 years ago

Hi there!

It's certainly subjective but I don't see how it's misleading :stuck_out_tongue:

I believe it's the right way because this API (inspired by the PHP API) does not require crypto knowledge of the user, it provides a way to hash/check/rehash passwords with the best configuration.

Any input regarding the implementation is more than welcome though :slightly_smiling_face:

NullVoxPopuli commented 6 years ago

> I believe it's the right way because this API (inspired by the PHP API) does not require crypto knowledge of the user, it provides a way to hash/check/rehash passwords with the best configuration.

that's what NaCl / libsodium is for.

implementing your own crypto is very dangerous. :-\

julien-f commented 6 years ago

I did not implement my own crypto, hashy is using both argon2 and bcrypt.

Hashy simply provides an extremely simple API to hash passwords without any knowledge, not even having to know what Argon2i/Argon2d/bcrypt/… are.

It provides a well-defined workflow for creating, verifying and even rehashing passwords to new algorithms/options standards.

NullVoxPopuli commented 6 years ago

oh ok. I'm good with that then. Is that anywhere on the readme?

julien-f commented 6 years ago

Supported algorithms are mentioned but not the specific libraries.

Feel free to send a PR if you want something more explicit :slightly_smiling_face:
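
The create / verify / rehash workflow discussed in this thread, as an added example that is not part of the thread and is not hashy's code. It uses Node's built-in scrypt as a stand-in for Argon2/bcrypt; the function names, the stored record format and the cost values are assumptions made for the illustration.

```javascript
// Added illustration, not hashy's code: Node's built-in scrypt stands in
// for Argon2/bcrypt. Function names and the stored format are assumptions.
const crypto = require('node:crypto');

// Current policy (constructed values); raising N later flags old hashes.
const CURRENT = { N: 1 << 14, r: 8, p: 1, keylen: 32 };

// scrypt needs about 128*N*r bytes, so give it headroom above that.
const scryptOpts = ({ N, r, p }) => ({ N, r, p, maxmem: 256 * N * r });

// Self-describing record: $scrypt$N=..,r=..,p=..$<salt b64>$<key b64>
function hash(password, opts = CURRENT) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, opts.keylen, scryptOpts(opts));
  return `$scrypt$N=${opts.N},r=${opts.r},p=${opts.p}$` +
    `${salt.toString('base64')}$${key.toString('base64')}`;
}

function parse(stored) {
  const m = /^\$scrypt\$N=(\d+),r=(\d+),p=(\d+)\$([^$]+)\$([^$]+)$/.exec(stored);
  if (!m) return null;
  const key = Buffer.from(m[5], 'base64');
  // Reject short keys: two empty buffers would compare equal below.
  if (key.length < 16) return null;
  return { N: +m[1], r: +m[2], p: +m[3], salt: Buffer.from(m[4], 'base64'), key };
}

function verify(password, stored) {
  const h = parse(stored);
  if (!h) return false;
  try {
    const key = crypto.scryptSync(password, h.salt, h.key.length, scryptOpts(h));
    return crypto.timingSafeEqual(key, h.key);
  } catch {
    return false; // invalid stored parameters
  }
}

// True when the record was made with anything other than the current policy.
function needsRehash(stored, opts = CURRENT) {
  const h = parse(stored);
  return !h || h.N !== opts.N || h.r !== opts.r || h.p !== opts.p ||
    h.key.length !== opts.keylen;
}

// Login: verify first, then upgrade while the plaintext is still in hand.
function login(password, stored) {
  if (!verify(password, stored)) return { ok: false, stored };
  return { ok: true, stored: needsRehash(stored) ? hash(password) : stored };
}
```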