charlesportwoodii
commented
6 years ago There's an outstanding issue upstream I am waiting for a determination on https://github.com/P-H-C/phc-winner-argon2/issues/222.
In the meantime, libsodium supercedes this library. I would recommend libsodium over this now that argon2 is supported there.
https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-3.1
Argon 2 Provides the user with the ability to add a "secret value" or "key" to the hash, in addition to the already existing salt.
This can perfectly serve as a pepper for further securing the password against leaks (attacker gains access to database, SQL injection, whatever)