[TECH DEBT] Upgrade password hashing

Upgrade password hashing from bcrypt to Argon2
---

## Context

Currently using bcrypt for password hashing (Stage 5 authentication implementation).  
Argon2 is the modern standard (OWASP-recommended as of 2023) and provides better resistance to GPU/ASIC attacks through memory-hardness.

## Motivation

- Argon2 won the Password Hashing Competition (2015)
- More resistant to hardware-accelerated brute-force attacks
- Configurable memory hardness and parallelism
- Industry best practice for new systems

## Proposed Changes

- [ ] Replace bcrypt library with `libargon2` or `argon2-cpp`
- [ ] Update password hashing in `NetMonDaemon` login endpoint
- [ ] Migrate existing bcrypt hashes to Argon2 (or provide migration script)
- [ ] Update `sample-config.yaml` with Argon2 configuration options (memory cost, time cost, parallelism)
- [ ] Update documentation and README with new hashing algorithm
- [ ] Add unit tests for Argon2 hashing and verification

## Priority

Low (future enhancement after Stage 5 completion)

## References

- [OWASP Password Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
- [Argon2 Specification](https://github.com/P-H-C/phc-winner-argon2)

---
labels: 'security, tech-debt'
---

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[TECH DEBT] Upgrade password hashing #27

Upgrade password hashing from bcrypt to Argon2

Context

Motivation

Proposed Changes

Priority

References

labels: 'security, tech-debt'

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[TECH DEBT] Upgrade password hashing #27

Description

Upgrade password hashing from bcrypt to Argon2

Context

Motivation

Proposed Changes

Priority

References

labels: 'security, tech-debt'

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions