docs: correct argon2 example

httpjamesm · httpjamesm · commit 47131ecd2e5c · 2024-11-06T14:26:56.000-05:00
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ This is a client and server implementation of 1Password's [fantastic SRP library
 
 SRP is a fascinating protocol. I highly recommend reading through [1Password's explainer](https://blog.1password.com/developers-how-we-use-srp-and-you-can-too/) to get familiar with its innerworkings and processes first.
 
-## Step 1: Pick a group
+### Step 1: Pick a group
 
 This library uses RFC 5054 groups between 2048 and 8192 bits. 4096 and above are highly recommended. Any lower is unlikely to be secure for the near future.
 
@@ -20,19 +20,31 @@ import { knownGroups } from "secure-remote-password-js";
 const group = knownGroups[4096];
 ```
 
-## Step 2: Pick a KDF
+### Step 2: Pick a KDF
 
 You'll need a Key Derivation Function (KDF) to convert your password into a secure format. While this library includes a simple KDF for testing, you should use a strong KDF like Argon2id, bcrypt, or scrypt in production.
 
 [@phi-ag/argon2](https://github.com/phi-ag/argon2) is a great library for Argon2 in TS.
 
 ```typescript
-import { argon2id } from "@phi-ag/argon2";
-
-const x = argon2id.hash(password, salt);
+import { Argon2Type } from "@phi-ag/argon2";
+import wasm from "@phi-ag/argon2/argon2.wasm?url";
+import initialize from "@phi-ag/argon2/fetch";
+
+const argon2 = await initialize(wasm);
+const hash = argon2.hash(password, {
+  salt,
+  memoryCost: 64 * 1024,
+  timeCost: 1,
+  parallelism: 4,
+  hashLength: 32,
+  type: Argon2Type.Argon2id,
+});
+
+return hash;
 ```
 
-## Step 3: Initialize SRP Client
+### Step 3: Initialize SRP Client
 
 Create an SRP client instance for both server and client sides:
 
@@ -47,7 +59,7 @@ const verifier = client.verifier(); // Generate this during registration
 const server = new SrpClient(knownGroups[4096], verifier, undefined, "server");
 ```
 
-## Step 4: Exchange Public Keys
+### Step 4: Exchange Public Keys
 
 Exchange ephemeral public keys between client and server:
 
@@ -63,7 +75,7 @@ client.setOthersPublic(serverPublicB);
 server.setOthersPublic(clientPublicA);
 ```
 
-## Step 5: Generate Session Key
+### Step 5: Generate Session Key
 
 Both sides can now generate the shared session key:
 
@@ -72,7 +84,7 @@ Both sides can now generate the shared session key:
 const key = client.getKey(); // or server.getKey()
 ```
 
-## Step 6: Verify Both Parties
+### Step 6: Verify Both Parties
 
 Finally, verify that both parties derived the same key:
 
