I've been surveying bcrypt/scrypt/PBKDF2/Argon2 implementations in various languages. I think this project could benefit from a human-usable password hashing interface.
I'd propose the following:
- Create a wrapper for
password_hash()) that returns a string rather than a byte array.
- Create a
scrypt.password_verify()function that recalculates the password hash and then compares it with the given hash, using
I can follow up with a pull request, if you prefer.