How should we apply the salt to the password?

Question

According to Wikipedia:

A rainbow table is ineffective against one-way hashes that include large salts. For example, consider a password hash that is generated using the following function (where "||" is the concatenation operator):
saltedhash(password) = hash(password || salt)
Or
saltedhash(password) = hash(hash(password) || salt)

Say I'm using Argon2(di) to store passwords. Should I use the second method or first method to hash passwords?
And as a more general question, which hash method is typically better in password storage situations? (What about other situations like HMACS?)

Answer 1

Say I'm using Argon2(di) to store passwords. Should I use the second method or first method to hash passwords?

No. Argon2 takes the salt as a separate argument from the password, and takes responsibility internally about how to incorporate them both into the computation. As any specialized password hashing function should.

Ideally, though, you should use a higher-level API that takes care of salt generation and management internally, by encapsulating the use of the password hash with:

• An "enrollment" function that takes a password, generates a salt, and outputs a verification string that encapsulates choice of hashing algorithm, algorithm parameters, salt and hash. See for example the password_hash() in PHP.
• A "verification" function that takes a password and verification string, parses the latter to recover all those parameters, and verifies that the password matches. See, e.g., password_verify() in PHP.

Basically, if you're manually concatenating salts and passwords like your quote from Wikipedia suggests, you're doing it wrong.