using default libnacl hash algorithm could cause problems for upgrades
it seems like 'crypto_pwhash' in the trees plugin does not produce the same hash as RbNaCl::PasswordHash.argon2 does on a modern install of libnacl, even with the same inputs and using the same libsodium.so. This is because rbnacl does not use the default algo from libsodium, but has it's own ALG_DEFAULT constant, which is set to ALG_ARGON2I13, but the libsodium default changes to ALG_ARGON2ID13 (note the D) as of version 1.0.15.
libsodium does make the argon2i and argon2id backwards compatible, however only for password verification, but we are using the binary output of argon as the key for the secretbox so it has to be identical
This means that when we upgrade libsodium to 1.0.15, we could have a problem, because trees just uses the default hash algo from libsodium, which changes in 1.0.15. We will need to figure out how we will migrate old mailboxes.
We are currently using 1.0.11. you can still choose the old algo in passwd_hash, but trees sets it to default_algo. so it will change when you update
Argon2 has three variants: Argon2i, Argon2d, and Argon2id. Argon2d is faster and uses data-depending memory access, which makes it highly resistant against GPU cracking attacks and suitable for applications with no threats from side-channel timing attacks (eg. cryptocurrencies). Argon2i instead uses data-independent memory access, which is preferred for password hashing and password-based key derivation, but it is slower as it makes more passes over the memory to protect from tradeoff attacks. Argon2id is a hybrid of Argon2i and Argon2d, using a combination of data-depending and data independent memory accesses, which gives some of Argon2i's resistance to side-channel cache timing attacks and much of Argon2d's resistance to GPU cracking attacks.
(https://github.com/P-H-C/phc-winner-argon2) libsodium changed from 2i to 2id in 1.0.15