Rand Stats




Password hashing using the libsodium recommended algorithm

Build Status


use Crypt::SodiumPasswordHash;

my $password =  'somepa55word';

my $hash     =  sodium-hash($password);

if sodium-verify($hash, $password ) {

    #  password ok



This module provides a binding to the password hashing functions provided by libsodium.

The algorithm used is the one recomended by the installed version of libsodium. as of version 23 this is a variant of Argon2, but older versions may provide a different one as may future versions. Additionally the sodium-verify should be able to verify a password hash created by other libraries that support the Argon2 family such as Crypt::Argon2.

The hash returned by sodium-hash is in the format used in /etc/shadow and can be verified by other libraries that understand the algorithm. By default the interactive limits for memory and CPU usage are used, which is a reasonable compromise for the time taken for both hashing and verification. If the :sensitive switch is supplied to sodium-hash then both hashing and verification take significantly longer (and use more memory,) so this may not suitable for some applications.


You will need to have C installed for this to work, it is commonly packaged for various Linux distributions, so you should be able to use the usual package management tools.

Assuming that you have a working installation of Rakudo then you should be able to install this with zef :

zef install Crypt::SodiumPasswordHash

# Or from a local clone

zef install .

The tests take a little longer than might be expected because it tests the sensitive profile which is designed to take longer.


If you any suggestions/patches feel free to send them via:


I've tested this with libsodium versions from 13 to 23, but if you find it doesn't work please let me know which version you have installed.

This is free software please see the LICENCE file in the distribution for details.

© Jonathan Stowe 2019 - 2021