orion-rs / orion

Usable, easy and safe pure-Rust crypto
MIT License

Constant-time Base64-encoding for Argon2i password hash #188

Closed brycx closed 3 years ago

brycx commented 3 years ago

The current encoding and decoding of a PasswordHash in orion::pwhash is not constant-time (also noted in the security section of the docs). It's been in the backlog to implement this, but it seems a viable crate has been released in the meantime: https://github.com/jedisct1/rust-ct-codecs

According to the README, the crate re-implements the encoding formats from libsodium/libhydrogen. It also defines #![forbid(unsafe_code)].

TODO:

vlmutolo commented 3 years ago

Very cool! Glad to see that even the encoding is constant-time now. Will this be added to the automated timing tests?

brycx commented 3 years ago

> Will this be added to the automated timing tests?

Good point! Yeah, this could be added to the dudect tests. They also need to be updated regardless, because the GH Actions workflow has stopped because of git-commit-inactivity in that repo. I think those should be running weekly. Adding it to the todos.

brycx commented 3 years ago

Fixed in #189 and constant-time execution tests included in https://github.com/brycx/orion-dudect/pull/6 (still pointing to master branch for Orion, but local tests pass)
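
The following is an added example, not part of the thread and not code from Orion or ct-codecs. It sketches what a constant-time Base64 encoder looks like: each 6-bit value is mapped to its character with arithmetic masks instead of a lookup table or data-dependent branches. The function names and the choice of the unpadded standard alphabet are assumptions made for the illustration.

```rust
/// Map a 6-bit value (0..=63) to its Base64 character without a lookup
/// table and without branching on the (potentially secret) value.
fn b64_char(x: u8) -> u8 {
    let x = x as i32;
    // Arithmetic right shift turns each comparison into a mask:
    // all ones (-1) when the condition holds, 0 otherwise.
    let lt26 = (x - 26) >> 31; // x < 26
    let lt52 = (x - 52) >> 31; // x < 52
    let lt62 = (x - 62) >> 31; // x < 62
    let eq62 = ((x ^ 62) - 1) >> 31; // x == 62
    let eq63 = ((x ^ 63) - 1) >> 31; // x == 63
    let c = (lt26 & (x + b'A' as i32))
        | (!lt26 & lt52 & (x - 26 + b'a' as i32))
        | (!lt52 & lt62 & (x - 52 + b'0' as i32))
        | (eq62 & b'+' as i32)
        | (eq63 & b'/' as i32);
    c as u8
}

/// Encode `input` as unpadded Base64. Loop counts and memory accesses
/// depend only on the input length, never on the input bytes.
pub fn encode_no_pad(input: &[u8]) -> String {
    let mut out = Vec::with_capacity((input.len() * 4 + 2) / 3);
    let mut acc: u32 = 0; // bit accumulator; stale high bits are masked off
    let mut bits: u32 = 0; // number of not-yet-emitted bits in `acc`
    for &b in input {
        acc = (acc << 8) | b as u32;
        bits += 8;
        while bits >= 6 {
            bits -= 6;
            out.push(b64_char(((acc >> bits) & 0x3f) as u8));
        }
    }
    if bits > 0 {
        // Left-align the remaining 2 or 4 bits in a final 6-bit group.
        out.push(b64_char(((acc << (6 - bits)) & 0x3f) as u8));
    }
    String::from_utf8(out).expect("Base64 output is ASCII")
}

fn main() {
    // Constructed sample input, not a real salt or hash.
    println!("{}", encode_no_pad(b"foobar"));
}
```

Branch-free source does not bind the compiler or the CPU, which is why the thread pairs the change with dudect timing tests on the built code.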