Add method to check if a hashed password should be rehashed

[LordMonoxide]

As time goes on you may need to increase your hashing parameters. Old hashes you still have stored should be rehashed at this point, but can only be rehashed when the original password is available. Consider something like this:

pwHash = db->get();
pw = input->get();

if(argon->verify(pwHash, pw)) {
  if(argon->needsRehash(pwHash)) {
    pwHash = argon->hash(...);
    db->update();
  }

  this->login();
}

[sephiroth-j]

A simple needsRehash(owd)method will not work - one has to provide at least the same cost factors as for the hash method. A naive approach could be as follows:

1. extract the cost factors from the provided hash (actual) and compare them to provided factors (expected).
2. return false if all actual factors are greater than or equal to their expected counterparts.
3. return true if one of the actual factors is less than its expected counterpart.

This approach is not compatible with PHP but avoids that an hash with stronger parameters then expected is considered weaken. In PHP all actual and expected factors must be equal.

[phxql]

@sephiroth-j added a needsRehash method. Thank you vermy much! This will be part of the next released version.