By the way, after looking at password hashing algorithms and what the experts
say about them, I've decided to implement an interface to the Argon2 library
(see https://password-hashing.net/argon2-specs.pdf for a whitepaper). The
algorithm is designed to be far more resistant against cracking than md5 or
sha-based algorithms and even bcrypt.
The interface is designed to be very easy to use. In the simplest case
(without tuning the algorithm's parameters) password hashing is performed
like this:
hashedPassword := Argon2 new randomizeSalt: 16; hashPassword:
newPassword.
verifying that a user has given the correct password:
ok := Argon2 new verifyPassword: enteredPassword hash: hashedPassword.
Find the code at https://github.com/hamamo/pharo-argon2. Currently it only
has library names for 32-bit and 64-bit Linux - if someone adds MacOSX and
Windows support I would merge that.
Sorry I don't yet know how to use Metacello or other mechanisms to load it
into an image with a few lines of code.
Cheers,
Hans-Martin
--
Sent from: http://forum.world.st/Pharo-Smalltalk-Users-f1310670.html
