How can you safely implement a password storage and hashing function?
Implement safe crypto for password storage in any language
You are developper, and want people to be able to create a unique user account, with a password, which they will use to access your application. How can you safely implement this feature?
The easiest solution is to use libsodium, which provides a secure password hashing API in most languages. As of version 1.0.8 it uses the scrypt algorithm, but in the next release (1.0.9) it will also offer Argon2, the most recent, carefully-selected algorithm from the Password Hashing Competition. Libsodium offers bindings for most programming languages C/C++/.NET/Go/Java/Python/PHP/…
libsodium is a modern, high-security, cross-platform, easy-to-use software library for encryption, decryption, signatures, password hashing and more.
Note: There is a published attack on Argon2i, the recommended variant of Argon2 for general purpose password hashing. The practical implications aren’t severe, but it may lead to a new variant (“Argon2x” perhaps, since it would presumably use XOR instead of overwriting memory to mitigate these attacks) being christened and recommended.
If you, for whatever reason, cannot reconcile your requirements with installing libsodium, you have other options : several password hashing libraries in multiple programming languages are also available :