Differences to hashes

[TheAlgorythm]

Please clarify in the README's why this crate is recommended for passwords.
This surprises me especially as this crate, as far as I know, doesn't support pepper.
Therefore, I am interested if there is a security reason to not use something like Blake2b or if it makes it only easier to do everything right.

[tarcieri]

The toplevel README links to the OWASP Password Storage Cheat Sheet, which should answer all of your questions. Namely it covers:

• How Attackers Crack Password Hashes
• How to implement peppering by composition
• Recommended Password Hashing Algorithms

We previously considered maintaining more extensive documentation for this (#48) but decided the OWASP guide already covered all of this information. However, perhaps we could feature it more prominently.

[TheAlgorythm]

The only downside of hashes I see is that it doesn't support Argon2.
But then I don't see an architectural benefit in using this as I can't use PasswordHash with verify_password since the hash needs to be HMACed. So with a pepper it's even a bit more complicated. Maybe it would be possible to implement a pepper with MAC here?

[tarcieri]

Adding support for pepper to the password-hash crate is an interesting suggestion. Maybe make a feature request for it on https://github.com/RustCrypto/traits ?

[TheAlgorythm]

Yeah, I can do that. But I am not sure wether it should be more a separate trait or an extension to the current system?

[tarcieri]

It could be part of the existing traits

[tarcieri]

Discussion moved to RustCrypto/traits#694