[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Argon2 Password Hashing

Simon Levermann wrote:
2) Libsodium exposes an API for random-number-generation. Should I use
this API for generating the salt when using argon2, or should I always
use the openldap-builtin lutil_entropy?

Salts are not sensitive data, they're always stored in the clear anyway. The only property they're required to have is to be unique among a given population of users/passwords. lutil_entropy is preferable just for uniformity, but it's not really critical. You could use anything, as long as you're not using something like this https://www.xkcd.com/221/ .

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/