Open thangngoc89 opened 3 years ago
Thanks! I will give this a thorough look as we address the auth gap. We need this or something like it for simple password authentication (as opposed to social login or TOTP).
This issue or work related to it is also a good opportunity to make sure argon2 can be linked properly in all environments and on all systems. The comment is based on the difficulties linking with it observed on Discord. libargon2 should probably be vendored as done with libuv in Luv, if at all possible.
I have made an esy-argon2 package here: https://github.com/thangngoc89/esy-argon2. You can install it in any esy project to get libargon2 without messing with your OS package manager. Though I didn’t test this on Windows, so it might not work.
Update: libsodium provides pwhash* functions that use argon2 under the hood.
ocaml-sodium exposes it but iirc, it’s only argon2i; work needs to be done to expose argon2d and argon2id.
I believe that a good first step in an authentication system would be having a secure password hashing function according to the latest security recommendations. I've spent several hours making one for my Dream server, so I want to share it here for feedback:
The interface looks like this:
Here is this gist for full implementation
By default calling hash with a string would use recommend_params.