I do webdev a lot and originally for learning nim had ported my webapplication nimstoryfont from python/django to nim/prologue. Issue was that back then I used Django's default password hashing, which was pbkdf2-hmac-sha256 with 180000 iterations.
So I reimplemented that. Over the months I learned from chatting with mratsim that argon2 is a much better option though, so I wanted to try my hand at actually using argon2 with libsodium. There's a nice wrapper for it, but honestly the API for it was more complicated than I wanted to deal with in my application.
I want to be able to be as dumb as possible when it comes to password hashing. Me having to know things means giving me the chance to mess up. So I want a simple API that doesn't allow me to make mistakes, and where the validation of passwords can deal with multiple different kinds of hashes without needing re-configuring or anything like it.
Nimword basically does not implement any password-hashing on its own, it just wraps other libraries that implement them into a dumber-API that you (hopefully) can not possibly use wrongly. Which I ripped straight from libsodium and just simplified it slightly and applied it also to other hashing algorithms as libsodium only provides argon2.
You have 2 procs: hashEncodePassword to generate hashes and isValidPassword to validate a password against a given hash. These procs are defined once for every hashing-algorithm that is wrapped and one for the entire module. The proc-versions in the individual hashing algorithm modules may expose additional parameters (so far only the argon2 one does), but generally those will provide sensible defaults.
Currently only the following algorithms are supported:
Shoutout to FedericoCeratto for his really nice wrapper of libsodium there.
The main benefit (and why I wrote this) is it allows you to change your hashing algorithm used for new passwords and thus you can have multiple types of hash-results in your database, yet the package can deal with and validate all of them.
I have already refactored my sideproject nimstoryfont to make use of this package and was finally able to swap to argon2 there. All my old hashes with pbkdf2-hmac-sha256 can still be validated, but anything new will use argon2.