
add guide for switching between password hashing methods

Open · dcrck opened this issue 4 years ago · 1 comment

Pow has a guide for configuring the password hashing algorithm. There may come a time where people need to switch between password hashing methods (say, bcrypt/pbkdf2 to argon, or Pow's pbkdf2 implementation to pbkdf2_elixir). A guide or snippet on implementing this switch might be helpful.

dcrck · Jan 12 '21 22:01

Great idea. It's actually pretty straightforward. You just need a module that accepts deprecated hashing methods in the verify function for :password_hash_methods. It could look like this to convert Pow's pbkdf2 impl to Argon2:

defmodule MyApp.Password do
  # New passwords are always hashed with Argon2.
  def hash(secret), do: Argon2.hash_pwd_salt(secret)

  # Legacy hashes from Pow's built-in implementation start with "$pbkdf2-" (e.g. "$pbkdf2-sha512$...").
  def verify(secret, "$pbkdf2-" <> _ = hash), do: Pow.Ecto.Schema.Password.pbkdf2_verify(secret, hash)
  # Argon2 hashes start with "$argon2" followed by the variant (e.g. "$argon2id$v=19$...").
  def verify(secret, "$argon2" <> _ = hash), do: Argon2.verify_pass(secret, hash)
end

There are other details that should be included in the guide, like automatically hashing with the new algo when the user signs in if the current hash in the db is with the old algo. The above also only works if the algo has been encoded in the hash. If not, then you would probably add a new column to the user that specifies what algo or password version is used.

danschultzer · Jan 31 '21 05:01
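The full migration path sketched in the reply above, as an added example that is not code from the issue thread or from Pow itself: a password module that dispatches on the hash prefix and reports which hashes are legacy, the :password_hash_methods wiring, and a context that re-hashes a legacy password right after a successful sign-in. It assumes the argon2_elixir dependency, a users table with Pow's default :password_hash field, and that the custom context overrides authenticate/1 and calls the pow_authenticate/1 injected by use Pow.Ecto.Context (an assumption about Pow's custom-context pattern).

```elixir
defmodule MyApp.Password do
  @legacy_prefix "$pbkdf2-"

  # New passwords are always hashed with Argon2.
  def hash(secret), do: Argon2.hash_pwd_salt(secret)

  # Legacy hashes produced by Pow's built-in pbkdf2 implementation.
  def verify(secret, @legacy_prefix <> _ = hash),
    do: Pow.Ecto.Schema.Password.pbkdf2_verify(secret, hash)

  # Current hashes, e.g. "$argon2id$v=19$m=...".
  def verify(secret, "$argon2" <> _ = hash), do: Argon2.verify_pass(secret, hash)

  # Unknown format: burn comparable time, then reject, so a malformed row
  # is not distinguishable from a wrong password by response timing.
  def verify(_secret, _hash), do: Argon2.no_user_verify()

  # Tells the sign-in path whether the stored hash must be upgraded.
  def needs_rehash?(@legacy_prefix <> _), do: true
  def needs_rehash?(_), do: false
end

# config/config.exs: point Pow at the dispatching module.
# config :my_app, :pow,
#   user: MyApp.Users.User,
#   repo: MyApp.Repo,
#   users_context: MyApp.Users,
#   password_hash_methods: {&MyApp.Password.hash/1, &MyApp.Password.verify/2}

defmodule MyApp.Users do
  use Pow.Ecto.Context, repo: MyApp.Repo, user: MyApp.Users.User

  # Override authenticate/1 (assumed pattern): the plaintext password is only
  # available here, at sign-in, so this is the one place a legacy hash can be
  # transparently replaced by an Argon2 hash.
  def authenticate(params) do
    case pow_authenticate(params) do
      %{password_hash: stored} = user ->
        if MyApp.Password.needs_rehash?(stored),
          do: rehash(user, params["password"]),
          else: user

      nil ->
        nil
    end
  end

  # Write the new hash directly; the password was just verified, so no
  # current_password round-trip through the Pow changeset is needed.
  defp rehash(user, password) do
    user
    |> Ecto.Changeset.change(password_hash: MyApp.Password.hash(password))
    |> MyApp.Repo.update!()
  end
end
```

Once every row has been re-hashed (a query for password_hash values starting with "$pbkdf2-" returning nothing), the legacy verify clause and the pbkdf2 dependency can be dropped.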