Password Hashing
Password hashing was done with argon2id
in all versions prior to v8.7.0. In versions v8.7.0 and above, BLAKE3-Balloon hashing is used. Both modes use a 16-byte salt to derive the hashed key. Once a key has been hashed, it is dropped and zeroed out via the zeroize
crate to ensure it stays in memory no longer than required.
You are able to use argon2id
for hashing as of v8.8.0, via the --argon
switch.
Handling the Hash
The hash is wrapped in Protected<>
, which means it can only be exposed when called for in the program. It is only ever exposed to the cryptographic ciphers, and it is dropped right after. We use a custom Protected<>
wrapper which implements zeroize-on-drop, to ensure that all sensitive information is removed from memory once it is no longer required.