/**
* Hash then encrypt a password
*
* @param HiddenString $password The user's password
* @param EncryptionKey $secretKey The master key for all passwords
* @param string $level The security level for this password
* @return string An encrypted hash to store
*/
public static function hash(HiddenString $password, EncryptionKey $secretKey, string $level = KeyFactory::INTERACTIVE) : string
{
$kdfLimits = KeyFactory::getSecurityLevels($level);
// First, let's calculate the hash
$hashed = \Sodium\crypto_pwhash_str($password->getString(), $kdfLimits[0], $kdfLimits[1]);
// Now let's encrypt the result
return Crypto::encrypt(new HiddenString($hashed), $secretKey);
}