* use 'crypto_pwhash_str_alg(..., crypto_pwhash_ALG_ARGON2ID13)' to set
the algorithm to Argon2.
According to libsodium's documentation, the original 'crypto_pwhash_str()'
only guarantees a "memory-hard, CPU-intensive hash function", but not
necessarily Argon2. Although in released versions of libsodium Argon2 is
the only implemented backend, this may chane in the future.
* multiply the 'memory' parameter by 1024 to align it with the libargon2
implementation. The objective is to have consistent configuration in
OpenLDAP's pw-argon2 module no matter what backend implementation is used.
Signed-off-by: Peter Marschall <peter@adpm.de>
This change implements argon2, which won the Password Hashing
Competition (https://password-hashing.net/) as a contrib-module in order
to provide a modern password hashing alternative in openldap. The
currently available password hashing algorithms are relatively old, and
modern hardware, especially GPUs can compute quite a few (ranging from
tens of thousands to millions) of hashes per second. Argon2 was designed
to withstand such attacks.
This implementation uses the default work factors used in the argon2
command line client, but the resulting hashes are stored in a way that
would allow retroactive changes to these values, or even exposing them
as configuration in the module.
