A nice additional functionality might be a way to create new hashes after validating a password.
This would be a modified version of checkPassword that returns a new hash that has new parameters. (Using Argon2 as a concrete example, the idea would be implemented for all algorithms)
Data.Argon2.checkPasswordRenew
:: Argon2Params
-> Password
-> PasswordHash Argon2
-> Maybe (PasswordHash Argon2)
checkPasswordRenew currentParams pw pwh mNewPwThis would have some way of indicating that the check was successful or not, and if successful it would return the new hash that can be used to overwrite the previously stored hash.
Not quite sure if we'd want to limit it to strengthening passwords, with an opt-in to be able to make passwords weaker; or just to put the responsibility on the user, since there are legitimate reasons to decrease the hashing cost programmatically.
A nice additional functionality might be a way to create new hashes after validating a password.
This would be a modified version of
checkPasswordthat returns a new hash that has new parameters. (Using Argon2 as a concrete example, the idea would be implemented for all algorithms)This would have some way of indicating that the check was successful or not, and if successful it would return the new hash that can be used to overwrite the previously stored hash.
Not quite sure if we'd want to limit it to strengthening passwords, with an opt-in to be able to make passwords weaker; or just to put the responsibility on the user, since there are legitimate reasons to decrease the hashing cost programmatically.