Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Expose crypto_pwhash with libsodium 1.0.9 and newer #73
Just one thing:
The scrypt string format has a fixed length no matter what the parameters are.
The argon2 string format has a variable length, because parameters are directly stored as decimal values. That's a bit annoying, but it's probably too late for them to change the specifications.
I'm not sure whether the PHP bindings should return a fixed-length string, with the padding, or just the required string length. Your code currently does the former. This is fine, but these extra zeros have to be removed or escaped in order to appear in SQL queries, which is not an unreasonable way to use the output of these functions.
Ah, yeah, thanks for pointing that out.
Then the right thing to do, in my opinion, is strip the excess
Well, it kind of is. :)