https://bugs.openldap.org/show_bug.cgi?id=9206
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org --- • 40ce9a46 by Peter Marschall at 2020-04-14T09:26:19-07:00 ITS#9206 contrib/passwd/argon2: consolidate libsodium implementation
* use 'crypto_pwhash_str_alg(..., crypto_pwhash_ALG_ARGON2ID13)' to set the algorithm to Argon2. According to libsodium's documentation, the original 'crypto_pwhash_str()' only guarantees a "memory-hard, CPU-intensive hash function", but not necessarily Argon2. Although in released versions of libsodium Argon2 is the only implemented backend, this may chane in the future. * multiply the 'memory' parameter by 1024 to align it with the libargon2 implementation. The objective is to have consistent configuration in OpenLDAP's pw-argon2 module no matter what backend implementation is used.
Signed-off-by: Peter Marschall peter@adpm.de
• 64856677 by Ryan Tandy at 2020-04-14T09:26:19-07:00 ITS#9206 Initialize libsodium before calling its functions
• 307b06ff by Ryan Tandy at 2020-04-14T09:26:19-07:00 ITS#9206 Convert libsodium default memlimit to KiB
• 0ec42b08 by Ryan Tandy at 2020-04-14T09:26:19-07:00 ITS#9206 Use argon2id default values explicitly