auth/password_argon2.ts

Argon2id password hashing implementation.

Uses @node-rs/argon2 for native performance with OWASP-recommended parameters. Includes timing attack resistance via verify_dummy.

Import argon2_password_deps for use as PasswordHashDeps in AppDeps.

Declarations

4 declarations

argon2_password_deps

hash_password

(password: string): Promise<string>

Hash a password using Argon2id.

password

the plaintext password to hash

type string

returns

Promise<string>

the Argon2id hash string

verify_dummy

(password: string): Promise<boolean>

Verify a password against a dummy hash for timing attack resistance.

Always returns false, but takes the same time as a real verification. Call when account lookup fails to prevent timing-based user enumeration.

password

the plaintext password to "verify"

type string

returns

Promise<boolean>

always false

verify_password

(password: string, password_hash: string): Promise<boolean>

Verify a password against an Argon2id hash.

password

the plaintext password to verify

type string

password_hash

the Argon2id hash to verify against

type string

returns

Promise<boolean>

true if the password matches
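
The call pattern described for verify_dummy, as an added example that is not part of the project's source: a login path that skips hashing for unknown usernames beside one that always performs one verification. The PasswordHashDeps shape, the login helpers, the account map and the counting stand-in (which is not Argon2id) are assumptions made for illustration.

```typescript
// Assumed shape of PasswordHashDeps, inferred from the three documented signatures.
interface PasswordHashDeps {
  hash_password(password: string): Promise<string>;
  verify_password(password: string, password_hash: string): Promise<boolean>;
  verify_dummy(password: string): Promise<boolean>;
}
// Constructed stand-in that counts verification work; NOT Argon2id.
// In the application, pass argon2_password_deps instead.
function make_counting_deps(): { deps: PasswordHashDeps; work: () => number } {
  let count = 0;
  const deps: PasswordHashDeps = {
    hash_password: async (password) => `stub$${password}`,
    verify_password: async (password, password_hash) => {
      count++;
      return password_hash === `stub$${password}`;
    },
    verify_dummy: async () => { count++; return false; },
  };
  return { deps, work: () => count };
}

// Hypothetical account store: username -> stored password hash.
type Accounts = Map<string, string>;
type Login = (deps: PasswordHashDeps, accounts: Accounts, username: string, password: string) => Promise<boolean>;

// Leaky: an unknown username returns before any hashing, so it answers faster.
const login_leaky: Login = async (deps, accounts, username, password) => {
  const password_hash = accounts.get(username);
  if (password_hash === undefined) return false;
  return deps.verify_password(password, password_hash);
};

// Hardened: every attempt performs exactly one verification.
const login: Login = async (deps, accounts, username, password) => {
  const password_hash = accounts.get(username);
  if (password_hash === undefined) {
    await deps.verify_dummy(password); // result is always false; the cost is the point
    return false;
  }
  return deps.verify_password(password, password_hash);
};

// Verification operations spent on one attempt against a constructed one-user store.
async function work_for(fn: Login, username: string, password: string) {
  const { deps, work } = make_counting_deps();
  const accounts: Accounts = new Map([["alice", await deps.hash_password("correct horse")]]);
  const ok = await fn(deps, accounts, username, password);
  return { ok, work: work() };
}
```

With argon2_password_deps in place of the stand-in, each counted operation is one Argon2id verification, so equal counts on both branches are what keep response times from distinguishing known from unknown usernames.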