crypto_pwhash_*API currently leverages the Argon2id function on all platforms. This can change at any point in time, but it is guaranteed that a given version of libsodium can verify all hashes produced by all previous versions, from any platform. Applications don't have to worry about backward compatibility.
crypto_pwhash_scryptsalsa208sha256_*API uses the more conservative and widely deployed Scrypt function.
ph = password_hash(password, seed)and sends
phto the server.
password_hashis a password hashing function tuned for the maximum memory and CPU usage the client can handle. The server stores the seed and
password_hash'(ph, seed)for this user account.
password_hash'is a password hashing function, whose parameters can be tuned for low memory and CPU usage.
crypto_generichash(), with a key, and the user name as the message). The client computes
ph = password_hash(password, seed)and sends it to the server. The server computes
password_hash'(ph, seed)and compares it against what was stored in the database.