The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's cryptopwhashstr is not used.