Basic password hashing. Use pw_hash() to hash and pw_check()
to compare a possible password with the hashed password.
Usage
pw_hash(pass, type = "i")
pw_check(hash, pass)
Arguments
pass
The (plaintext) password.
type
Choice of algorithm; choices are "i" and "d".
hash
The hashed password; this is the output of pw_hash().
Value
pw_hash() returns a hash to be used as an input to pw_check().
pw_check() returns TRUE or FALSE, whether or not
the plaintext password matches its hash.
Details
For more hashing options, see the sodium and bcrypt.
This uses the argon2 (i or d variety) hash algorithm. See references for
details and implementation source code (also bundled with this package).
Our binding uses a 512 bit salt with data generated from MT, a "time cost"
(number of passes) of 16, "memory cost" of 8192 MiB, and 1 thread.
References
Biryukov, A., Dinu, D. and Khovratovich, D., 2015. Fast and
Tradeoff-Resilient Memory-Hard Functions for Cryptocurrencies and Password
Hashing. IACR Cryptology ePrint Archive, 2015, p.430.
# NOT RUN {library(argon2)
pass <- "myPassw0rd!"hash <- pw_hash(pass)
hash # store this
pw_check(hash, pass)
pw_check(hash, "password")
pw_check(hash, "1234")
# }# NOT RUN {# }