Set argon2 as default hashing algorithm for mix.gen.auth #4471
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Argon2 is now recommended by OWASP as being a modern and secure password hashing algorithm. The OWASP Password Storage page states that the first choice should be Argon2, listing bcrypt as a second option when Argon2 is not available.
This Pull Request sets Argon2 as a default algorithm used in
mix.gen.auth
and updates the test suite accordingly.I decided not to update the default option for Windows as I am unaware of the stability of the Argon2 library on that Operating System.
I tried to follow the contribution guidelines but seeing as this is my first PR to Phoenix I will be happy to change anything that is not as expected.