Use libsodium. Cryptographic configuration is WIP.

shard.yml

@@ -16,6 +16,9 @@ targets:
 crystal: 1.7.1
 
 dependencies:
+  sodium:
+    branch: master
+    github: didactic-drunk/sodium.cr
   grok:
     github: spinscale/grok.cr
   passwd:

src/requests/login.cr

@@ -1,3 +1,5 @@
+require "sodium"
+
 class AuthD::Request
 	def self.perform_login(authd : AuthD::Service, fd : Int32, user : AuthD::User)
 		user.date_last_connection = Time.local
@@ -38,7 +40,12 @@ class AuthD::Request
 				return Response::ErrorInvalidCredentials.new
 			end
 
-			if user.password_hash != authd.hash_password @password
+			pwhash = Sodium::Password::Hash.new
+			hash = Base64.decode user.password_hash
+
+			begin
+				pwhash.verify hash, @password
+			rescue
 				return Response::ErrorInvalidCredentials.new
 			end
 

src/service.cr

@@ -1,4 +1,5 @@
 require "./authd.cr"
+require "sodium"
 
 extend AuthD
 
@@ -59,12 +60,21 @@ class AuthD::Service < IPC
 		self.service_init "auth"
 	end
 
-	def hash_password(password : String) : String
+	def obsolete_hash_password(password : String) : String
 		digest = OpenSSL::Digest.new "sha256"
 		digest << password
 		digest.hexfinal
 	end
 
+	def hash_password(password : String) : String
+		pwhash = Sodium::Password::Hash.new
+
+		hash = pwhash.create password
+		pwhash.verify hash, password
+
+		Base64.strict_encode hash
+	end
+
 	# new_uid reads the last given UID and returns it incremented.
 	# Splitting the retrieval and record of new user ids allows to
 	# only increment when an user fully registers, thus avoiding a