From 62b40adde91d2767809e41d53478d620e232e65f Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sat, 25 Jan 2025 13:05:42 +0000
Subject: [PATCH] Switch new password default to Argon2id

---
 cmd/pwtool/main.go      | 2 +-
 pwhash/argon2.go        | 6 +++---
 pwhash/password.go      | 4 ++--
 pwhash/password_test.go | 6 +++---
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/cmd/pwtool/main.go b/cmd/pwtool/main.go
index 7f3a5a0..1588661 100644
--- a/cmd/pwtool/main.go
+++ b/cmd/pwtool/main.go
@@ -86,7 +86,7 @@ func mkhash() (pwhash.PasswordHash, string, error) {
 	name := *algo
 	switch *algo {
 	case "argon2":
-		h = pwhash.NewArgon2WithParams(uint32(*argon2Time), uint32(*argon2Mem*1024), uint8(*argon2Threads))
+		h = pwhash.NewArgon2StdWithParams(uint32(*argon2Time), uint32(*argon2Mem*1024), uint8(*argon2Threads))
 		name = fmt.Sprintf("%s(%d/%d/%d)", *algo, *argon2Time, *argon2Mem, *argon2Threads)
 	case "scrypt":
 		h = pwhash.NewScryptWithParams(*scryptN, *scryptR, *scryptP)
diff --git a/pwhash/argon2.go b/pwhash/argon2.go
index 1a7de11..5c53eec 100644
--- a/pwhash/argon2.go
+++ b/pwhash/argon2.go
@@ -43,8 +43,8 @@ func newArgon2PasswordHash(kind string, keySize int, time, mem uint32, threads u
 }
 
 // NewArgon2 returns an Argon2i-based PasswordHash using the default parameters.
-func NewArgon2() PasswordHash {
-	return NewArgon2WithParams(
+func NewArgon2Legacy() PasswordHash {
+	return NewArgon2LegacyWithParams(
 		defaultArgon2Params.Time,
 		defaultArgon2Params.Memory,
 		defaultArgon2Params.Threads,
@@ -53,7 +53,7 @@ func NewArgon2() PasswordHash {
 
 // NewArgon2WithParams returns an Argon2i-based PasswordHash using the
 // specified parameters for time, memory, and number of threads.
-func NewArgon2WithParams(time, mem uint32, threads uint8) PasswordHash {
+func NewArgon2LegacyWithParams(time, mem uint32, threads uint8) PasswordHash {
 	return newArgon2PasswordHash(kindArgon2I, argonLegacyKeySize, time, mem, threads, &a2LegacyCodec{})
 }
 
diff --git a/pwhash/password.go b/pwhash/password.go
index 8c0b911..dee3839 100644
--- a/pwhash/password.go
+++ b/pwhash/password.go
@@ -52,7 +52,7 @@ var prefixRegistry = map[string]PasswordHash{
 	"$5$":        NewSystemCrypt(),
 	"$6$":        NewSystemCrypt(),
 	"$s$":        NewScrypt(),
-	"$a2$":       NewArgon2(),
+	"$a2$":       NewArgon2Legacy(),
 	"$argon2i$":  NewArgon2Std(),
 	"$argon2id$": NewArgon2Std(),
 }
@@ -74,7 +74,7 @@ func ComparePassword(encrypted, password string) bool {
 var DefaultEncryptAlgorithm PasswordHash
 
 func init() {
-	DefaultEncryptAlgorithm = NewArgon2()
+	DefaultEncryptAlgorithm = NewArgon2Std()
 }
 
 // Encrypt will encrypt a password with the default algorithm.
diff --git a/pwhash/password_test.go b/pwhash/password_test.go
index cef83a6..20dd506 100644
--- a/pwhash/password_test.go
+++ b/pwhash/password_test.go
@@ -5,8 +5,8 @@ import (
 	"testing"
 )
 
-func TestArgon2(t *testing.T) {
-	testImpl(t, NewArgon2())
+func TestArgon2Legacy(t *testing.T) {
+	testImpl(t, NewArgon2Legacy())
 }
 
 func TestArgon2Std(t *testing.T) {
@@ -102,7 +102,7 @@ func BenchmarkArgon2(b *testing.B) {
 	for _, tp := range testParams {
 		name := fmt.Sprintf("%d/%d/%d", tp.Time, tp.Memory, tp.Threads)
 		b.Run(name, func(b *testing.B) {
-			h := NewArgon2WithParams(tp.Time, tp.Memory, tp.Threads)
+			h := NewArgon2StdWithParams(tp.Time, tp.Memory, tp.Threads)
 			encPw := h.Encrypt(goodPw)
 
 			b.ResetTimer()
-- 
GitLab