Update hash.hpp change drogon::string_view to std::string_view #7
albaropereyra22 wants to merge 1 commit into
|
IMO we could delete these as Drogon supplies SHA3 and BLAKE2b now. These were there because Drogon used to only support SHA1, SHA256 and MD5. I added the new hashes after the Trantor cryptography refactor. |
|
Nice! Does that mean we should update the login example to use SHA3 or BLAKE2b? https://github.com/drogonframework/drogon/blob/master/examples/login_session/main.cc |
|
If you are using drogon-assist, you should use password hash. You should not use SHA3 or BLAKE2b for passwords in production. But yes, good idea, we should change it to use SHA3 in the demo. But don't remove the comment; it is still a bad idea to use SHA3 for passwords. |
|
Is that because of the salt? Might as well add pepper, a known string, to add to the entropy. Also, shouldn't we make prod-ready examples? |
|
There's an entire list of reasons. Salt is just one. A password hash should be really slow, using up a lot of both cycles and memory (so ASIC attacks are worthless). Algorithms like Argon2 go beyond that and support parallelism to further defend against attacks.
Yes. The reason Argon2 hasn't been shipped till now is that Drogon guarantees that all hashes work regardless of which TLS backend you use, or none. That is implemented by supplying our own MD5/SHA1/etc. implementations in C. However, the project structure of the Argon2 reference implementation is more complicated than the currently supplied hash implementations. I'd rather people call OpenSSL or Botan themselves than ship an integration that is hard to audit correctly, on a critical infrastructure and given my limited time to do so. Feel free to integrate. It is very doable, just lots of grunt work to ensure no symbol collision, etc. |
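Added example, not part of the thread or of Drogon's code: the difference the comment above describes between a fast hash such as SHA3 and a salted, memory-hard password hash, with constant-time verification. It uses scrypt from Python's standard library in place of Argon2; the cost parameters, record format and function names are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os

# Assumed cost parameters; scrypt needs about 128 * N * R bytes (16 MiB here).
N, R, P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024  # upper bound on memory one hash may allocate


def unsalted_sha3(password: str) -> str:
    """Fast general-purpose hash: same input, same output, cheap to brute-force."""
    return hashlib.sha3_256(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Derive a key with a fresh random salt and store the parameters with it."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                         maxmem=MAXMEM, dklen=32)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"scrypt${N}${R}${P}${b64(salt)}${b64(key)}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        scheme, n, r, p, salt, key = record.split("$")
        if scheme != "scrypt":
            return False
        expected = base64.b64decode(key, validate=True)
        candidate = hashlib.scrypt(password.encode(),
                                   salt=base64.b64decode(salt, validate=True),
                                   n=int(n), r=int(r), p=int(p),
                                   maxmem=MAXMEM, dklen=len(expected))
    except (ValueError, OverflowError):  # malformed record or rejected parameters
        return False
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # "hunter2" is a constructed sample password.
    first, second = hash_password("hunter2"), hash_password("hunter2")
    print("sha3 repeats:", unsalted_sha3("hunter2") == unsalted_sha3("hunter2"))
    print("records differ:", first != second)
    print("verify ok:", verify_password("hunter2", first))
    print("verify wrong:", verify_password("wrong", first))
```
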
No description provided.