From c8d02d843117e7a598e27e476e239dfabb155a82 Mon Sep 17 00:00:00 2001
From: Daniel Togey <dannykosgei@gmail.com>
Date: Thu, 11 Dec 2025 19:50:51 +0300
Subject: [PATCH] use argon for hashing

---
 go.mod                          | 6 +++++-
 go.sum                          | 4 ++++
 internal/generator/generator.go | 8 +++++---
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index b205d34..1af313f 100644
--- a/go.mod
+++ b/go.mod
@@ -2,9 +2,13 @@ module github.com/danielkosgei/detergen
 
 go 1.25.4
 
-require github.com/spf13/cobra v1.10.2
+require (
+	github.com/spf13/cobra v1.10.2
+	golang.org/x/crypto v0.46.0
+)
 
 require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.9 // indirect
+	golang.org/x/sys v0.39.0 // indirect
 )
diff --git a/go.sum b/go.sum
index a6ee3e0..17eae29 100644
--- a/go.sum
+++ b/go.sum
@@ -7,4 +7,8 @@ github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiT
 github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY=
 github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/internal/generator/generator.go b/internal/generator/generator.go
index ff56425..a2340a5 100644
--- a/internal/generator/generator.go
+++ b/internal/generator/generator.go
@@ -1,8 +1,9 @@
 package generator
 
 import (
-	"crypto/sha256"
 	"encoding/hex"
+
+	"golang.org/x/crypto/argon2"
 )
 
 // create a deterministic 8-character password with optional salt
@@ -12,8 +13,9 @@ func Generate(baseWord string, salt string, length int) string {
 		input = baseWord + salt
 	}
 
-	hash := sha256.Sum256([]byte(input))
-	hashString := hex.EncodeToString(hash[:])
+	// use Argon2id, parameters: time=3, memory=256mb, threads=4
+	hash := argon2.IDKey([]byte(input), []byte("detergen-v1"), 3, 256*1024, 4, 32)
+	hashString := hex.EncodeToString(hash)
 
 	uppercase := "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
 	lowercase := "abcdefghijklmnopqrstuvwxyz"