On Mon, Mar 25, 2019 at 10:18 PM Sara Golemon wrote:
> ...snip...
> So that's a long winded way of asking, does anyone see an issue with upping
> the default time cost for argon2 to a higher number? (e.g. "3")
> ...snip...
> The only negative impact is that password hashing becomes a slightly mor
In sitting down to expose libsodium's argon2i password hashing function via
password_hash(), I discovered two things.
The first is that it doesn't seem to support Argon2id for password storage
the way we use it in password_hash(). Bummer, but that's a conversation to
have with Frank, and there's
