Module cryptoxide::kdf::argon2
source · Expand description
Argon2 - Argon2 is a Key Derivation Function algorithm, winner of the Password Hashing Competition
This is defined in RFC9106 (HTML)
The algorithm is defined by the following inputs and output:
Function Argon2
Inputs:
password (P): Bytes (0..2^32-1) Password (or message) to be hashed
salt (S): Bytes (8..2^32-1) Salt (16 bytes recommended for password hashing)
parallelism (p): Number (1..2^24-1) Degree of parallelism (i.e. number of threads)
tagLength (T): Number (4..2^32-1) Desired number of returned bytes
memorySizeKB (m): Number (8p..2^32-1) Amount of memory (in kilo bytes) to use
iterations (t): Number (1..2^32-1) Number of iterations to perform
version (v): Number (0x13) The current version is 0x13 (19 decimal)
key (K): Bytes (0..2^32-1) Optional key (Errata: PDF says 0..32 bytes, RFC says 0..232 bytes)
associatedData (X): Bytes (0..2^32-1) Optional arbitrary extra data
hashType (y): Number (0=Argon2d, 1=Argon2i, 2=Argon2id)
Output:
tag: Bytes (tagLength) The resulting generated bytes, tagLength bytes long
Usage
use cryptoxide::kdf::argon2;
let output: [u8; 40] = argon2::argon2::<40>(&argon2::Params::argon2d(), b"my-password", b"saltsaltsaltsalt", b"", b"");
Notes
The size of the salt is not verified, so this implementation can use invalid salt that are out of the realm of expected value for this parameter. this is left to the user, but the recommendation is to follow the expectation of salt length.
The memory-kb parameter is automatically enforced to be at minimum, 8 times the level of the parameter, so if a user chose an invalid memory-kb, the implementation will automatically and silently override the parameter value.
When comparing the ARGON2 tag, always use a constant time equality function. Using non constant time equality could expose your software to timing attack.
This implementation doesn’t provide support for the ARGON2 serialized string. This is left to the user since the URL-like textual format might not be appropriate in some settings and depending on context the user might want a different format for the parameters (e.g. database text columns, etc).